Security Headlines

Source: ghsa

GHSA-745p-r637-7vvp: Codeigniter4's Secure or HttpOnly flag set in Config\Cookie is not reflected in Cookies issued

### Impact

Setting the `$secure` or `$httponly` value to `true` in `Config\Cookie` is not reflected in `set_cookie()` or `Response::setCookie()`.

> **Note**
> This vulnerability does not affect session cookies.

The following code does not issue a cookie with the secure flag even if you set `$secure = true` in `Config\Cookie`.

```php
helper('cookie');

$cookie = [
    'name'  => $name,
    'value' => $value,
];

set_cookie($cookie);
// or
$this->response->setCookie($cookie);
```

### Patches

Upgrade to v4.2.7 or later.

### Workarounds

1. Specify the options explicitly.

```php
helper('cookie');

$cookie = [
    'name'     => $name,
    'value'    => $value,
    'secure'   => true,
    'httponly' => true,
];

set_cookie($cookie);
// or
$this->response->setCookie($cookie);
```

2. Use a Cookie object.

```php
use CodeIgniter\Cookie\Cookie;

helper('cookie');

$cookie = new Cookie($name, $value);

set_cookie($cookie);
// or
$this->response->...
```
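The practical lesson of this advisory is that cookie flags should be checked on the wire, not trusted from configuration. The following is an added example, not CodeIgniter code: a small audit that parses raw `Set-Cookie` header values (as a test client or proxy hook would see them) and reports every cookie that lacks `Secure` or `HttpOnly`. The cookie names and header values are constructed for the example; the `ignore` list models cookies that legitimately need JavaScript access and so may omit `HttpOnly`.

```python
"""Audit Set-Cookie headers for missing Secure / HttpOnly flags.

Added example, not code from CodeIgniter: it checks the emitted headers
so a regression like the one in this advisory (config says secure, the
issued cookie is not) is caught at the HTTP boundary.
"""
from dataclasses import dataclass, field


@dataclass
class CookieFinding:
    name: str
    missing: list = field(default_factory=list)  # attribute names that are absent


def parse_set_cookie(header_value: str) -> tuple:
    """Split one Set-Cookie value into (name, value, {attr_lower: attr_value}).

    Attributes without a value (Secure, HttpOnly) map to None. Attribute
    names are compared case-insensitively, as RFC 6265 requires.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for attr in parts[1:]:
        if not attr:
            continue
        key, sep, val = attr.partition("=")
        attrs[key.strip().lower()] = val.strip() if sep else None
    return name.strip(), value, attrs


def audit_set_cookie(header_values, ignore=()):
    """Return a CookieFinding for every cookie that lacks Secure or HttpOnly.

    `ignore` lists cookie names that need JavaScript access (no HttpOnly)
    and are exempted from that single check; Secure is always required.
    """
    findings = []
    for raw in header_values:
        name, _value, attrs = parse_set_cookie(raw)
        missing = []
        if "secure" not in attrs:
            missing.append("Secure")
        if "httponly" not in attrs and name not in ignore:
            missing.append("HttpOnly")
        if missing:
            findings.append(CookieFinding(name=name, missing=missing))
    return findings


# Constructed sample headers (not captured from a real application). The
# first mirrors the advisory's symptom; the second is what the Config\Cookie
# settings were meant to produce.
SAMPLE_HEADERS = [
    "remember_me=abc123; Path=/; Max-Age=2592000",
    "ci_session=xyz; Path=/; HttpOnly; Secure; SameSite=Lax",
    "csrf_cookie_name=tok; Path=/; Secure",
]


def audit_sample():
    """Run the audit over the constructed headers, exempting the CSRF cookie from HttpOnly."""
    return audit_set_cookie(SAMPLE_HEADERS, ignore=("csrf_cookie_name",))


if __name__ == "__main__":
    for finding in audit_sample():
        print(f"{finding.name}: missing {', '.join(finding.missing)}")
```

Wire this into an integration test that requests each endpoint that sets cookies and asserts `audit_set_cookie(resp.headers.get_all("Set-Cookie"))` is empty; that catches the class of bug here regardless of which framework helper issued the cookie.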

GHSA-m5m3-46gj-wch8: SIF's Digital Signature Hash Algorithms Not Validated

### Impact

The `github.com/sylabs/sif/v2/pkg/integrity` package does not verify that the hash algorithm(s) used are cryptographically secure when verifying digital signatures.

### Patches

A patch is available in version >= v2.8.1 of the module. Users are encouraged to upgrade.

### Workarounds

Users may independently validate that the hash algorithm(s) used for metadata digest(s) and signature hash are cryptographically secure.

### References

* [CVE-2004-2761](https://nvd.nist.gov/vuln/detail/cve-2004-2761)
* [CVE-2005-4900](https://nvd.nist.gov/vuln/detail/cve-2005-4900)

### For more information

If you have any questions or comments about this advisory:

* Open an issue in [github.com/sylabs/sif](https://github.com/sylabs/sif/issues/new)
* Email us at [security@sylabs.io](mailto:security@sylabs.io)
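The workaround above asks users to confirm the hash algorithm themselves. The following is an added example, not code from `github.com/sylabs/sif`, showing what that check looks like in practice: a digest is verified only when its algorithm is on an explicit allowlist, and a digest produced by MD5 or SHA-1 is refused with a reason even if the bytes would match. The `algo:hex` digest encoding is an assumption made for this example and is not SIF's metadata format.

```python
"""Verify an `algo:hex` digest only if the algorithm is on an allowlist.

Added example, not code from github.com/sylabs/sif. The `algo:hex`
format is an assumption for the example; the point is that the
algorithm name is checked before the digest value is ever compared.
"""
import hashlib
import hmac

# Algorithms accepted for integrity metadata; everything else is refused.
SECURE_HASHES = frozenset(
    {"sha256", "sha384", "sha512", "sha3_256", "sha3_384", "sha3_512"}
)
# Named explicitly so the error says why, not just that verification failed.
BROKEN_HASHES = frozenset({"md5", "sha1"})


class DigestError(ValueError):
    """Raised when a digest cannot be trusted, as opposed to merely not matching."""


def compute_digest(data: bytes, algo: str = "sha256") -> str:
    """Produce the `algo:hex` form consumed by verify_digest."""
    return f"{algo}:{hashlib.new(algo, data).hexdigest()}"


def verify_digest(data: bytes, digest: str) -> bool:
    """Return True only if `digest` names an allowed algorithm and matches `data`.

    Raises DigestError for a broken or unknown algorithm or a malformed
    hex value, so callers cannot confuse "unsupported" with "mismatch".
    """
    algo, sep, hexval = digest.partition(":")
    if not sep:
        raise DigestError("digest must be of the form algo:hex")
    algo = algo.lower()
    if algo in BROKEN_HASHES:
        raise DigestError(f"{algo} is not collision resistant; refusing to verify")
    if algo not in SECURE_HASHES:
        raise DigestError(f"hash algorithm {algo!r} is not on the allowlist")
    expected_len = hashlib.new(algo).digest_size * 2
    if len(hexval) != expected_len:
        raise DigestError(
            f"{algo} digest must be {expected_len} hex chars, got {len(hexval)}"
        )
    try:
        supplied = bytes.fromhex(hexval)
    except ValueError as exc:
        raise DigestError("digest is not valid hex") from exc
    actual = hashlib.new(algo, data).digest()
    # Constant-time comparison: the supplied digest may be attacker-controlled.
    return hmac.compare_digest(actual, supplied)


if __name__ == "__main__":
    payload = b"constructed sample payload"  # constructed, not a real SIF object
    print(verify_digest(payload, compute_digest(payload)))
    try:
        verify_digest(payload, "md5:" + "0" * 32)
    except DigestError as err:
        print("rejected:", err)
```

The ordering matters: algorithm and length are validated before any hashing or comparison, so an attacker cannot downgrade verification to a weak hash by simply labelling the digest differently.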

GHSA-px9g-8hgv-jvg2: kamadak-exif vulnerable to Infinite loop when parsing PNG files

### Impact

`Reader::read_from_container` can cause an infinite loop when a crafted PNG file is given.

### Patches

Version 0.5.3 includes the fix.

### Workarounds

No workaround is available. Applications that do not pass files with the PNG signature to `Reader::read_from_container` are not affected.

### References

* <https://github.com/kamadak/exif-rs/security/advisories/GHSA-px9g-8hgv-jvg2>
* <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21235>

### For more information

If you have any questions or comments about this advisory:

* Open an issue in [github.com/kamadak/exif-rs](https://github.com/kamadak/exif-rs)
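The advisory states the symptom (a crafted PNG makes the reader loop forever) but not the root cause, so the following is an added example of the general defensive shape for a PNG chunk walker rather than a reconstruction of kamadak-exif's code or its fix: the signature is checked first (the gate the workaround note relies on), every read is bounds-checked against the buffer, the offset strictly advances on each iteration, and the number of chunks is capped, so a hostile length field yields an error instead of a hang. The PNG inputs are constructed inline for the example.

```python
"""Walk PNG chunks with hard bounds so a crafted file cannot loop forever.

Added example, not kamadak-exif's code: shows the defensive pattern for
a chunk walker (signature gate, bounds checks, monotonic offset, capped
iteration count) that turns hostile length fields into errors.
"""
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
MAX_CHUNKS = 10_000  # generous for real files, finite for hostile ones


class PngError(ValueError):
    pass


def iter_png_chunks(data: bytes, max_chunks: int = MAX_CHUNKS):
    """Yield (chunk_type, chunk_data) up to IEND; raise PngError on malformed input."""
    if not data.startswith(PNG_SIGNATURE):
        raise PngError("not a PNG file")  # only PNG-signed input reaches the walker
    offset = len(PNG_SIGNATURE)
    for _ in range(max_chunks):
        if offset + 8 > len(data):
            raise PngError(f"truncated chunk header at offset {offset}")
        length, ctype = struct.unpack(">I4s", data[offset:offset + 8])
        # PNG lengths are 31-bit; also refuse any chunk that would run past EOF.
        if length > 0x7FFFFFFF or offset + 12 + length > len(data):
            raise PngError(f"chunk {ctype!r} claims {length} bytes, exceeds file")
        body = data[offset + 8:offset + 8 + length]
        (crc,) = struct.unpack(">I", data[offset + 8 + length:offset + 12 + length])
        if zlib.crc32(ctype + body) & 0xFFFFFFFF != crc:
            raise PngError(f"bad CRC on chunk {ctype!r}")
        yield ctype.decode("ascii", "replace"), body
        if ctype == b"IEND":
            return
        offset += 12 + length  # always moves forward: every chunk is >= 12 bytes
    raise PngError(f"more than {max_chunks} chunks without IEND")


def chunk(ctype: bytes, body: bytes) -> bytes:
    """Encode one chunk (length, type, data, CRC); used to build the sample inputs."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


# Constructed inputs for the example (not files from the advisory).
IHDR_1X1 = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)  # 1x1, 8-bit grayscale
GOOD_PNG = PNG_SIGNATURE + chunk(b"IHDR", IHDR_1X1) + chunk(b"IEND", b"")
# Hostile: the IHDR length field claims ~4 GiB, far past the end of the buffer.
HOSTILE_PNG = PNG_SIGNATURE + struct.pack(">I", 0xFFFFFFFF) + b"IHDR" + IHDR_1X1
# Missing IEND: the walker must report truncation rather than keep reading.
NO_IEND_PNG = PNG_SIGNATURE + chunk(b"IHDR", IHDR_1X1)


def chunk_types(data: bytes):
    """Return the list of chunk types, or the error message if parsing fails."""
    try:
        return [ctype for ctype, _ in iter_png_chunks(data)]
    except PngError as exc:
        return str(exc)


if __name__ == "__main__":
    for label, sample in [("good", GOOD_PNG), ("hostile", HOSTILE_PNG), ("no IEND", NO_IEND_PNG)]:
        print(f"{label}: {chunk_types(sample)}")
```

The same three guards (bounds check before every read, an offset that can only grow, and a hard iteration cap) apply to any length-prefixed container format, not just PNG; the cap is the last line of defence if the other two are ever bypassed by an arithmetic mistake.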

GHSA-5hw4-m7f3-hhx8: TCPDF vulnerable to attackers triggering deserialization of arbitrary data

An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the `phar://` wrapper.

GHSA-wrx5-rp7m-mm49: JXPath vulnerable to remote code execution when interpreting untrusted XPath expressions

Those using JXPath to interpret untrusted XPath expressions may be vulnerable to a remote code execution attack. All `JXPathContext` class functions that process an XPath string are vulnerable, except the `compile()` and `compilePath()` functions. The XPath expression can be used by an attacker to load any Java class from the classpath, resulting in code execution.

GHSA-77xx-rxvh-q682: HyperSQL DataBase vulnerable to remote code execution when processing untrusted input

Those using `java.sql.Statement` or `java.sql.PreparedStatement` in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack. By default, it is allowed to call any static method of any Java class in the classpath, resulting in code execution. The issue can be prevented by updating to 2.7.1 or by setting the system property `hsqldb.method_class_names` to the classes which are allowed to be called. For example, `System.setProperty("hsqldb.method_class_names", "abc")` or the Java argument `-Dhsqldb.method_class_names="abc"` can be used. From version 2.7.1, no classes are accessible by default except those in `java.lang.Math`; any others need to be manually enabled.

GHSA-mqxp-cjr9-c5jm: JXPath Out-of-bounds Write vulnerability

Those using JXPath to interpret XPath may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash with a stack overflow. This effect may support a denial of service attack.

GHSA-mf2h-6mg2-px9x: JXPath Out-of-bounds Write vulnerability

Those using JXPath to interpret XPath may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash with a stack overflow. This effect may support a denial of service attack.

GHSA-hw4q-585g-f92x: JXPath Out-of-bounds Write vulnerability

Those using JXPath to interpret XPath may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash with a stack overflow. This effect may support a denial of service attack.

GHSA-99jc-v8qm-wjvv: JXPath Out-of-bounds Write vulnerability

Those using JXPath to interpret XPath may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash with a stack overflow. This effect may support a denial of service attack.