Security
Headlines
HeadlinesLatestCVEs

Source

ghsa

GHSA-c25x-cm9x-qqgx: Deno improperly handles resizable ArrayBuffer

### Impact [Resizable ArrayBuffers](https://github.com/tc39/proposal-resizablearraybuffer) passed to asynchronous native functions that are shrunk during the asynchronous operation could result in an out-of-bound read/write. It is unlikely that this has been exploited in the wild, as the only version affected is Deno 1.32.0. Deno Deploy users are not affected. ### Patches The problem has been resolved by disabling resizable ArrayBuffers temporarily in Deno 1.32.1. Deno 1.32.2 will re-enable resizable ArrayBuffers with a proper fix. ### Workarounds Upgrade to Deno 1.32.1, or run with `--v8-flags=--no-harmony-rab-gsab` to disable resizable ArrayBuffers.

ghsa
Open in Source
#git#perl
GHSA-564r-hj7v-mcr5: Spring Framework vulnerable to denial of service via specially crafted SpEL expression

In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.

GHSA-r47r-87p9-8jh3: Spring Vault vulnerable to insertion of sensitive information into a log file

In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it attempts to revoke a Vault batch token.

GHSA-vj5p-fp42-774p: Moodle may display roles to users who don't have access to them

The course participation report required additional checks to prevent roles being displayed which the user did not have access to view.

GHSA-7x96-2w32-w3gw: tripleo-ansible may disclose important configuration details from an OpenStack deployment

A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file, leading to information disclosure of important configuration details from the OpenStack deployment.

GHSA-w4x6-6w3r-9h2m: tripleo-ansible may disclose important configuration details from an OpenStack deployment

A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file. This issue leads to information disclosure of important configuration details from the OpenStack deployment.

GHSA-4pqp-69m3-f8pp: NotrinosERP vulnerable to SQL Injection

NotrinosERP v0.7 was discovered to contain a SQL injection vulnerability via the OrderNumber parameter at `/NotrinosERP/sales/customer_delivery.php`.

GHSA-hh52-g5c4-wprh: Moodle may allow authenticated users to enumerate other user's names via learning plans page

Authenticated users were able to enumerate other users' names via the learning plans page.

GHSA-9f45-9qrw-pp4v: Moodle vulnerable to Cross-site Scripting when algebra filter enabled but not functional

If the algebra filter was enabled but not functional (eg the necessary binaries were missing from the server), it presented an XSS risk.

GHSA-72w2-j52c-7682: Moodle SQL Injection vulnerability

Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers).