ghsa

The bundled xml-rpc debugger is susceptible to XSS attacks. Since the debugger is not designed to be exposed to end users but only to the developers using this library, and in the default configuration it is not exposed to requests from the web, the likelihood of exploitation may be low.

dompurify prior to version 2.2.3 is vulnerable to a cross-site scripting problem caused by nested headlines.

dompurify prior to version 2.2.2 is vulnerable to cross-site scripting when converting from SVG namespace.

## Summary RSSHub is vulnerable to Server-Side Request Forgery (SSRF) attacks. This vulnerability allows an attacker to send arbitrary HTTP requests from the server to other servers or resources on the network. ## Description An attacker can exploit this vulnerability by sending a request to the affected routes with a malicious URL. For example, if an attacker controls the `ATTACKER.HOST` domain, they can send a request to affected routes with the value set to `ATTACKER.HOST%2F%23`. The `%2F` and `%23` characters are URL-encoded versions of the forward-slash (`/`) and pound (`#`) characters, respectively. In this context, an attacker could use those characters to append the base URL (i.e. `https://${input}.defined.host`) to be modified to `https://ATTACKER.HOST/#.defined.host`. This will cause the server to send a request to the attacker-controlled domain, allowing the attacker to potentially gain access to sensitive information or perform further attacks on the server. ## Proof o...

A vulnerability, which was classified as critical, was found in IonicaBizau node-gry up to 5.x. This affects an unknown part. The manipulation leads to command injection. Upgrading to version 6.0.0 is able to address this issue. The name of the patch is 5108446c1e23960d65e8b973f1d9486f9f9dbd6c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-218019.

### Impact RefreshTokens is an OAuth 2.0 feature that allows applications to retrieve new access tokens and refresh the user's session without the need for interacting with a UI. RefreshTokens were not invalidated when a user was locked or deactivated. The deactivated or locked user was able to obtain a valid access token only through a refresh token grant. When the locked or deactivated user’s session was already terminated (“logged out”) then it was not possible to create a new session. Renewal of access token through a refresh token grant is limited to the configured amount of time (RefreshTokenExpiration). ### Patches 2.x versions are fixed on >= [2.17.3](https://github.com/zitadel/zitadel/releases/tag/v2.17.3) 2.16.x versions are fixed on >= [2.16.4](https://github.com/zitadel/zitadel/releases/tag/v2.16.4) ZITADEL recommends upgrading to the latest versions available in due course. ### Workarounds Ensure the RefreshTokenExpiration in the OIDC settings of your instance is set ...

### Impact The gatsby-transformer-remark plugin prior to versions 5.25.1 and 6.3.2 passes input through to the `gray-matter` npm package, which is vulnerable to JavaScript injection in its default configuration, unless input is sanitized. The vulnerability is present in gatsby-transformer-remark when passing input in data mode (querying MarkdownRemark nodes via GraphQL). Injected JavaScript executes in the context of the build server. To exploit this vulnerability untrusted/unsanitized input would need to be sourced by or added into a file processed by gatsby-transformer-remark. The following payload demonstrates a vulnerable configuration: ``` ---js ((require("child_process")).execSync("id >> /tmp/rce")) --- ``` ### Patches A patch has been introduced in `gatsby-transformer-remark@5.25.1` and `gatsby-transformer-remark@6.3.2` which mitigates the issue by disabling the `gray-matter` JavaScript Frontmatter engine. The patch introduces a new option, `JSFrontmatterEngine` which is ...

A vulnerability was found in mholt PapaParse up to 5.1.x. It has been classified as problematic. Affected is an unknown function of the file papaparse.js. The manipulation leads to inefficient regular expression complexity. Upgrading to version 5.2.0 is able to address this issue. The name of the patch is 235a12758cd77266d2e98fd715f53536b34ad621. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218004.

A vulnerability was found in Prestaul skeemas and classified as problematic. This issue affects some unknown processing of the file validators/base.js. The manipulation of the argument uri leads to inefficient regular expression complexity. The name of the patch is 65e94eda62dc8dc148ab3e59aa2ccc086ac448fd. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218003.

## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of [GHSA-4xh4-v2pq-jvhm](https://github.com/advisories/GHSA-4xh4-v2pq-jvhm). This link is maintained to preserve external references. ## Original Description The personnummer implementation before 3.0.3 for Dart mishandles numbers in which the last four digits match the ^000[0-9]$ regular expression.