Source
ghsa
### Impact An attacker could crash the server by sending malformed JWT JSON in `LoginPacket` due to a security vulnerability in [`netresearch/jsonmapper`](https://github.com/cweiske/JsonMapper), due to improper checking for mapping JSON arrays and objects onto scalar model properties such as strings. ### Patches The problem was fixed in a fork of JsonMapper in dktapps/JsonMapper@a31902a31f5b6fdb832f57c0e3a3f16a3b41c012. PocketMine-MP releases 4.20.5 and 4.21.1 have been released with the fix. ### Workarounds - Users of PocketMine-MP source installations may manually install the patched version of JsonMapper by backporting commit pmmp/PocketMine-MP@09668a37d66c6023685a948b7550c918620e98f2. - A plugin may also be able to workaround this issue by using `DataPacketReceiveEvent` to attempt detection of suspicious payloads. An `ErrorException` will be thrown in the crash case, which can be caught by plugins. ### References cweiske/jsonmapper#210
### Impact A new user can privilege escalation to admin role which least config ### Patches Update to version 10.5.23 or apply this patches manually https://github.com/pimcore/pimcore/commit/c8f37b19c99cd82e4e558857d3e4d5476ea7228a.patch ### Workarounds Apply patches manually: https://github.com/pimcore/pimcore/commit/c8f37b19c99cd82e4e558857d3e4d5476ea7228a.patch ### References https://huntr.dev/bounties/6b2f33d3-2fd0-4d2d-ad7b-2c1e2417eeb1/
An SQL injection issue was discovered in EaseProbe before 2.1.0 when using MySQL/PostgreSQL data checking. This problem has been fixed in v2.1.0; users should upgrade to this version. The vulnerability was discovered by the [Oxeye research](https://www.oxeye.io/) team.
The `tproxy` server is vulnerable to a drive-by command injection. An attacker may fool a victim into visiting a malicious web page which will trigger requests to the local `tproxy` service leading to remote code execution.
### Impact #### Description: JStachio fails to escape single quotes `'` in HTML, allowing an attacker to inject malicious code. #### Reproduction Steps: Use the following template code: ```html <div attr='{{value}}'></div> ``` Set the value variable to `' onblur='alert(1)`. ```java public class Escaping { public static void main(String[] args) { Model model = new Model("' onblur='alert(1)"); String result = AttributeTemplate.of().execute(model); System.out.println(result); } @JStache(template = "<div attr='{{value}}'></div>", name="AttributeTemplate") @JStacheConfig(contentType= Html.class) public static class Model { public final String value; public Model(String value) { this.value = value; } public String getValue() { return value; } } } ``` Expected Result: The resulting output should have properly escaped the single quotes and not execute the inject...
### Impact This vulnerability affects the [`ibc-go` package for those running full nodes, dubbed "Huckleberry"](https://forum.cosmos.network/t/ibc-security-advisory-huckleberry/10731). According to their advisory: > This issue is low-severity in general, and it has a low impact and likelihood of exploitation. Depending on how a full node is architected, this issue could potentially yield a high or critical severity vulnerability. There is no vulnerability in the DID/resource modules for cheqd-node. ### Patches Node operators are requested to upgrade to [cheqd-node v1.4.2](https://github.com/cheqd/cheqd-node/releases/tag/v1.4.2). This is a non-state breaking release, and does not require a coordinated upgrade across all node operators. ### Workarounds No. Node operators are recommended to upgrade to the latest release version. ### References - ["Huckleberry" IBC security advisory](https://forum.cosmos.network/t/ibc-security-advisory-huckleberry/10731) - [`ibc-go` v6.1.1 release not...
### Impact In versions of Kyverno prior to 1.10.0, resources which have the `deletionTimestamp` field defined can bypass validate, generate, or mutate-existing policies, even in cases where the `validationFailureAction` field is set to `Enforce`. This situation occurs as resources pending deletion were being consciously exempted by Kyverno, as a way to reduce processing load as policies are typically not applied to objects which are being deleted. However, this could potentially result in allowing a malicious user to leverage the [Kubernetes finalizers feature](https://kubernetes.io/docs/concepts/overview/working-with-objects/finalizers/) by setting a finalizer which causes the Kubernetes API server to set the `deletionTimestamp` and then not completing the delete operation as a way to explicitly to bypass a Kyverno policy. Note that this is not applicable to Kubernetes Pods but, as an example, a Kubernetes Service resource can be manipulated using an indefinite finalizer to byp...
Gitpod before 2022.11.3 allows XSS because redirection can occur for some protocols outside of the trusted set of three (vscode: vscode-insiders: jetbrains-gateway:).
The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service (panic) via an invalid <! token (such as <!DOCTYPEs/%<!A nesting) in an XML document.
Improper Access Control in GitHub repository nilsteampassnet/teampass prior to 3.0.9.