ghsa

JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the navigation management department.

### Impact The Candid library causes a Denial of Service while parsing a specially crafted payload with `empty` data type. For example, if the payload is `record { * ; empty }` and the canister interface expects `record { * }` then the rust candid decoder treats `empty` as an extra field required by the type. The problem with type `empty` is that the candid rust library wrongly categorizes `empty` as a recoverable error when skipping the field and thus causing an infinite decoding loop. Canisters using affected versions of candid are exposed to denial of service by causing the decoding to run indefinitely until the canister traps due to reaching maximum instruction limit per execution round. Repeated exposure to the payload will result in degraded performance of the canister. For asset canister users, `dfx` versions `>= 0.14.4` to `<= 0.15.2-beta.0` ships asset canister with an affected version of candid. #### Unaffected - Rust canisters using candid `< 0.9.0` or `>= 0.9.10` -...

From HackerOne report [#1948040](https://hackerone.com/reports/1948040) by Halit AKAYDIN (hltakydn) ### Impact _What kind of vulnerability is it? Who is impacted?_ The TinyMCE WYSIWYG editor fails to filter scripts when rendering the HTML in specially crafted HTML tags. ### Patches _Has the problem been patched? What versions should users upgrade to?_ This vulnerability was fixed in version 20.2.0 by upgrading TinyMCE to a recent version in https://github.com/OpenMage/magento-lts/pull/3220 ### Workarounds _Is there a way for users to fix or remediate the vulnerability without upgrading?_ The WYSIWYG editor features could be disabled in the configuration. Possibly some WAF appliances would filter this attack. ### References _Are there any links users can visit to find out more?_ The attack is simply an exploit of the "onmouseover" attribute of an `img` element as described on [OWASP XSS Filter Evasion](https://cheatsheetseries.owasp.org/cheatsheets/XSS_Filter_Evasion_Cheat_Sheet...

### Impact Users of JupyterHub deployments running DockerSpawner starting with 0.11.0 without specifying `DockerSpawner.allowed_images` configuration allow users to launch _any_ pullable image, instead of restricting to only the single configured image, as intended. ### Patches Upgrade to DockerSpawner 13. ### Workarounds Explicitly setting `DockerSpawner.allowed_images` to a non-empty list containing only the default image will result in the intended default behavior: ```python c.DockerSpawner.image = "your-image" c.DockerSpawner.allowed_images = ["your-image"] ```

An issue present in microweber v.2.0.1 and fixed in v.2.0.4 allows a remote attacker to obtain sensitive information via the HTTP GET method.

Missing Standardized Error Handling Mechanism in GitHub repository microweber/microweber prior to 2.0.0.

Gladys Assistant v4.27.0 and prior is vulnerable to Directory Traversal. The patch of CVE-2023-43256 was found to be incomplete, allowing authenticated attackers to extract sensitive files in the host machine.

An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.

Cross-site Scripting (XSS) - Reflected in GitHub repository mlflow/mlflow prior to 2.9.0.

Business Logic Errors in GitHub repository microweber/microweber prior to 2.0.0. Unpublished and deleted product(s) can be added to checkout.