Security
Headlines
HeadlinesLatestCVEs

Source

ghsa

GHSA-qppw-c37g-xwcc: PaddlePaddle nullptr dereference in paddle.crop

Nullptr dereference in paddle.crop in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

ghsa
Open in Source
#dos#git
GHSA-547m-23x7-cxg5: PaddlePaddle null pointer dereference in paddle.nextafter

Nullptr in paddle.nextafter in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

GHSA-mr78-v55p-7777: PaddlePaddle segfault in paddle.mode

OOB access in paddle.mode in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

GHSA-2wcj-qr76-9768: PaddlePaddle segfault in paddle.put_along_axis

Nullptr in paddle.put_along_axis in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

GHSA-xjpw-hx47-rccv: PaddlePaddle floating point exception in paddle.nanmedian

FPE in paddle.nanmedian in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

GHSA-wjc4-73q6-gv3m: plotly.js prototype pollution vulnerability

In Plotly plotly.js before 2.25.2, plot API calls have a risk of __proto__ being polluted in expandObjectPaths or nestedProperty.

GHSA-ghm2-rq8q-wrhc: Potential Actions command injection in output filenames (GHSL-2023-275)

### Summary The [`tj-actions/verify-changed-files`](https://github.com/tj-actions/verify-changed-files) action allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets. ### Details The [`verify-changed-files`](https://github.com/tj-actions/verify-changed-files) workflow returns the list of files changed within a workflow execution. This could potentially allow filenames that contain special characters such as `;` and \` (backtick) which can be used by an attacker to take over the [GitHub Runner](https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners) if the output value is used in a raw fashion (thus being directly replaced before execution) inside a `run` block. By running custom commands an attacker may be able to steal **secrets** such as `GITHUB_TOKEN` if triggered on other events than `pull_request`. For example on `push`. #### Proof of Concept 1. Submit a pull request to ...

GHSA-mcph-m25j-8j63: tj-actions/changed-files has Potential Actions command injection in output filenames (GHSL-2023-271)

### Summary The `tj-actions/changed-files` workflow allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets. ### Details The [`changed-files`](https://github.com/tj-actions/changed-files) action returns a list of files changed in a commit or pull request which provides an `escape_json` input [enabled by default](https://github.com/tj-actions/changed-files/blob/94549999469dbfa032becf298d95c87a14c34394/action.yml#L136), only escapes `"` for JSON values. This could potentially allow filenames that contain special characters such as `;` and \` (backtick) which can be used by an attacker to take over the [GitHub Runner](https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners) if the output value is used in a raw fashion (thus being directly replaced before execution) inside a `run` block. By running custom commands an attacker may be able to steal **secrets** such as `GITHUB_TOKEN` i...

GHSA-487p-qx68-5vjw: Hail relies on OIDC email claims to verify the validity of a user's domain.

### Impact All Hail Batch clusters are affected. An attacker is able to: 1. Create one or more accounts with Hail Batch without corresponding real accounts in the organization. For example, a user could create a Microsoft or Google account and then change their email to "inconspicuous@example.org". This Microsoft or Google account can then be used to create a Hail Batch account in Hail Batch clusters whose organization domain is "example.org". In Google, this attack is partially mitigated because Google requires users to verify ownership of their Google account. However, a valid user is able to create multiple distinct Hail Batch accounts by creating multiple distinct Google accounts using email addresses of the form "real_user_email_name+random_id@example.org". In Microsoft, this attack requires Azure AD Administrator access to an Azure AD Tenant. The Azure AD Administrator is permitted to change the email address of an account to any other email address without verification. An ...

GHSA-8x6f-956f-q43w: OWASP.AntiSamy mXSS when preserving comments

# Impact There is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the `preserveComments` directive must be enabled in your policy file and also allow for certain tags at the same time. As a result, certain crafty inputs can result in elements in comment tags being interpreted as executable when using AntiSamy's sanitized output. # Patches Patched in OWASP AntiSamy .NET 1.2.0 and later. See important remediation details in the reference given below. # Workarounds If you cannot upgrade to a fixed version of the library, the following mitigation can be applied until you can upgrade: Manually edit your AntiSamy policy file (e.g., antisamy.xml) by deleting the `preserveComments` directive or setting its value to `false`, if present. Also it would be useful to make AntiSamy remove the `noscript` tag by adding this in your tag definitions under the `<tagrules>` node (or deleting it ...