Security
Headlines
HeadlinesLatestCVEs

Source

ghsa

GHSA-4rv7-wj6m-6c6r: XStream Denial of Service due to parser crash

Those using XStream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.

ghsa
Open in Source
#dos#git
GHSA-fv22-xp26-mm9w: XStream Denial of Service due to parser crash

Those using XStream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.

GHSA-9fwf-46g9-45rx: XStream Denial of Service via stack overflow

Those using Xstream to serialise XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.

GHSA-5hc5-c3m9-8vcj: XStream Denial of Service via stack overflow

Those using Xstream to serialise XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.

GHSA-wxvf-839f-jqmh: Craft CMS Cross site Scripting vulnerability

Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via `src/helpers/Cp.php`.

GHSA-8r89-x93x-mjq2: Craft CMS Stored Cross-site Scripting in User Addresses Title

Craft CMS 4.2.0.1 suffers from Stored Cross Site Scripting (XSS) in `/admin/myaccount`.

GHSA-mw37-wx8p-gp45: Craft CMS vulnerable to Cross-site Scripting via Drafts

Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via Drafts. Version 4.2.1 contains a patch for this issue.

GHSA-m6vp-8q9j-whx4: TensorFlow vulnerable to `CHECK` fail in `Save` and `SaveSlices`

### Impact If `Save` or `SaveSlices` is run over tensors of an unsupported `dtype`, it results in a `CHECK` fail that can be used to trigger a denial of service attack. ```python import tensorflow as tf filename = tf.constant("") tensor_names = tf.constant("") # Save data = tf.cast(tf.random.uniform(shape=[1], minval=-10000, maxval=10000, dtype=tf.int64, seed=-2021), tf.uint64) tf.raw_ops.Save(filename=filename, tensor_names=tensor_names, data=data, ) # SaveSlices shapes_and_slices = tf.constant("") data = tf.cast(tf.random.uniform(shape=[1], minval=-10000, maxval=10000, dtype=tf.int64, seed=9712), tf.uint32) tf.raw_ops.SaveSlices(filename=filename, tensor_names=tensor_names, shapes_and_slices=shapes_and_slices, data=data, ) ``` ### Patches We have patched the issue in GitHub commit [5dd7b86b84a864b834c6fa3d7f9f51c87efa99d4](https://github.com/tensorflow/tensorflow/commit/5dd7b86b84a864b834c6fa3d7f9f51c87efa99d4). The fix will be included in TensorFlow 2.10.0. We will also cherrypick...

GHSA-p2xf-8hgm-hpw5: TensorFlow vulnerable to `CHECK` fail in `ParameterizedTruncatedNormal`

### Impact `ParameterizedTruncatedNormal` assumes `shape` is of type `int32`. A valid `shape` of type `int64` results in a mismatched type `CHECK` fail that can be used to trigger a denial of service attack. ```python import tensorflow as tf seed = 1618 seed2 = 0 shape = tf.random.uniform(shape=[3], minval=-10000, maxval=10000, dtype=tf.int64, seed=4894) means = tf.random.uniform(shape=[3, 3, 3], minval=-10000, maxval=10000, dtype=tf.float32, seed=-2971) stdevs = tf.random.uniform(shape=[3, 3, 3], minval=-10000, maxval=10000, dtype=tf.float32, seed=-2971) minvals = tf.random.uniform(shape=[3, 3, 3], minval=-10000, maxval=10000, dtype=tf.float32, seed=-2971) maxvals = tf.random.uniform(shape=[3, 3, 3], minval=-10000, maxval=10000, dtype=tf.float32, seed=-2971) tf.raw_ops.ParameterizedTruncatedNormal(shape=shape, means=means, stdevs=stdevs, minvals=minvals, maxvals=maxvals, seed=seed, seed2=seed2) ``` ### Patches We have patched the issue in GitHub commit [72180be03447a10810edca700cbc9a...

GHSA-9942-r22v-78cp: TensorFlow vulnerable to `CHECK` fail in `LRNGrad`

### Impact If `LRNGrad` is given an `output_image` input tensor that is not 4-D, it results in a `CHECK` fail that can be used to trigger a denial of service attack. ```python import tensorflow as tf depth_radius = 1 bias = 1.59018219 alpha = 0.117728651 beta = 0.404427052 input_grads = tf.random.uniform(shape=[4, 4, 4, 4], minval=-10000, maxval=10000, dtype=tf.float32, seed=-2033) input_image = tf.random.uniform(shape=[4, 4, 4, 4], minval=-10000, maxval=10000, dtype=tf.float32, seed=-2033) output_image = tf.random.uniform(shape=[4, 4, 4, 4, 4, 4], minval=-10000, maxval=10000, dtype=tf.float32, seed=-2033) tf.raw_ops.LRNGrad(input_grads=input_grads, input_image=input_image, output_image=output_image, depth_radius=depth_radius, bias=bias, alpha=alpha, beta=beta) ``` ### Patches We have patched the issue in GitHub commit [bd90b3efab4ec958b228cd7cfe9125be1c0cf255](https://github.com/tensorflow/tensorflow/commit/bd90b3efab4ec958b228cd7cfe9125be1c0cf255). The fix will be included in Tenso...