ghsa

### Summary A message parsing and memory management vulnerability in ProtocolBuffer’s C++ and Python implementations can trigger an out of memory (OOM) failure when processing a specially crafted message, which could lead to a denial of service (DoS) on services using the libraries. Reporter: [ClusterFuzz](https://google.github.io/clusterfuzz/) Affected versions: All versions of C++ Protobufs (including Python) prior to the versions listed below. ### Severity & Impact **Medium 5.7** - [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) A small (~500 KB) malicious payload can be constructed which causes the running service to allocate more than 3GB of RAM. ### Proof of Concept For reproduction details, please refer to the unit test that identifies the specific inputs that exercise this parsing weakness. ### Mitigation / Patching Please update to the latest available versions of the following pac...

### Impact An error in 32 bit signed and unsigned types in the calculation of available gas in the CALL operations (including DELEGATECALL) results in incorrect gas being passed into called contracts and incorrect gas being returned after call execution. Where the amount of gas makes a difference in the success or failure, or if the gas is a negative 64 bit value, the execution will result in a different state root than expected, resulting in a consensus failure in networks with multiple EVM implementations. In networks with a single EVM implementation this can be used to execute with significantly more gas than then transaction requested, possibly exceeding gas limitations. ### Patches Version 22.7.1 contains a fix, ensuring that excess gas will not be allocated to inner transaction calls and correcting the excess gas errors. ### Workarounds Reverting to version 22.1.3 or earlier will prevent incorrect execution. However many ethereum mainnet networks require changes in more rec...

### Impact An issue was discovered in Rancher versions up to and including 2.5.15 and 2.6.6 where sensitive fields, like passwords, API keys and Rancher's service account token (used to provision clusters), were stored in plaintext directly on Kubernetes objects like `Clusters`, for example `cluster.management.cattle.io`. Anyone with read access to those objects in the Kubernetes API could retrieve the plaintext version of those sensitive data. The exposed credentials are visible in Rancher to authenticated `Cluster Owners`, `Cluster Members`, `Project Owners`, `Project Members` and `User Base` on the endpoints: - `/v1/management.cattle.io.catalogs` - `/v1/management.cattle.io.cluster` - `/v1/management.cattle.io.clustertemplates` - `/v1/management.cattle.io.notifiers` - `/v1/project.cattle.io.sourcecodeproviderconfig` - `/k8s/clusters/local/apis/management.cattle.io/v3/catalogs` - `/k8s/clusters/local/apis/management.cattle.io/v3/clusters` - `/k8s/clusters/local/apis/management.catt...

A Stored XSS vulnerability was reported in the Keycloak Security mailing list, affecting all the versions of Keycloak, including version 19.0.1. The vulnerability allows a privileged attacker to execute malicious scripts in the admin console, abusing of the default roles functionality. Version 19.0.2 contains a patch for this issue. ### Credits Aytaç Kalıncı, Ilker Bulgurcu, Yasin Yılmaz (@aytackalinci, @smileronin, @yasinyilmaz) - NETAŞ PENTEST TEAM

An issue was discovered in Keycloak allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the `UPLOAD_SCRIPTS` feature is disabled

### Impact Authenticated users can send a request to delete-objects through the s3 gateway and delete files they are not authorized to delete. ### Patches lakeFS v0.82.0 and later ### Workarounds Drop specific request to the lakeFS listen port. Any request with "Authorization" header and value that starts with "AWS". ### References [advisories/GHSA-28q9-9c3g-v3f9](https://github.com/treeverse/lakeFS/security/advisories/GHSA-28q9-9c3g-v3f9) ### For more information If you have any questions or comments about this advisory: Ask on the [lakeFS Slack](https://github.com/treeverse/lakeFS/security/advisories/lakefs.io/slack) #help channel Email us at [security@treeverse.io](mailto:security@treeverse.io)

An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP allows an attacker to read arbitrary files over HTTP. This issue affects Apache SOAP version 2.2 and later versions. It is unknown whether previous versions are also affected. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3. A vulnerability in the Identity Engine was found where, in a deployment where an entity has multiple mount accessors with shared alias names, Vault may overwrite metadata to the wrong alias due to an issue with checking the proper alias assigned to an entity. This may allow for unintended access to key/value paths using that metadata in Vault.

The Layout module in Liferay Portal v7.3.3 through v7.4.3.34, and Liferay DXP 7.3 before update 10, and 7.4 before update 35 does not check user permission before showing the preview of a "Content Page" type page, allowing attackers to view unpublished "Content Page" pages via URL manipulation.

Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14.