Source
ghsa
Buffer leak on incoming WebSocket PONG message(s) in Undertow before 2.0.40 and 2.2.10 can lead to memory exhaustion and allow a denial of service.
### Impact
Nonce Claim Value was not being validated against the nonce value sent in the Authentication Request.
### Patches
Users should upgrade to version 5.0 immediately.
### Workarounds
None.
### Impact
The function used to generate random nonces was not sufficiently cryptographically complex. As a result, values may be predictable and tokens may be forgeable.
### Patches
Users should upgrade to version 5.0 immediately.
### Workarounds
None.
Togglz is an implementation of the Feature Toggles pattern for Java. The togglz console has no CSRF protection, which could allow an attacker to guess the CSRF token value. Version 2.9.4 adds the necessary CSRF protection.
### Overview
A partial-path traversal issue exists within the `downloadDirectory` method in the AWS S3 TransferManager component of the AWS SDK for Java v1. Applications using the SDK control the `destinationDirectory` argument, but S3 object keys are determined by the application that uploaded the objects. The `downloadDirectory` method allows the caller to pass a filesystem object in the object key but contained an issue in the validation logic for the key name. A knowledgeable actor could bypass the validation logic by including a UNIX double-dot in the bucket key. Under certain conditions, this could permit them to retrieve a directory from their S3 bucket that is one level up in the filesystem from their working directory. This issue's scope is limited to directories whose name prefix matches the `destinationDirectory`. E.g. for destination directory `/tmp/foo`, the actor can cause a download to `/tmp/foo-bar`, but not `/tmp/bar`. Versions of the AWS Java SDK for S3 v1 before an...
The com.fasterxml.jackson.core:jackson-databind library before version 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`.
# Impact
Due to insufficient class name validation in the GrapeJS library, it is possible to add executable JS code in a class name through the Selector Manager.
# Relates to
- [https://github.com/artf/grapesjs/issues/4411](https://github.com/artf/grapesjs/issues/4411)
# Patch
Update the GrapeJS dependency to >= [v0.19.5](https://github.com/artf/grapesjs/releases/tag/v0.19.5).
### Impact
fastify-bearer-auth does not securely use crypto.timingSafeEqual. A malicious attacker could estimate the length of one valid bearer token. According to the corresponding RFC 6750, the bearer token has only base64 valid characters, reducing the range of characters for a brute force attack. All versions of fastify-bearer-auth are also affected.
### Patches
We released:
* v8.0.1 with a fix for the Fastify v4 line
* v7.0.2 with a fix for the Fastify v3 line
### Workarounds
There are no workarounds. Update your dependencies.
### References
https://hackerone.com/reports/1633287
### For more information
If you have any questions or comments about this advisory:
* Open an issue in [https://github.com/fastify/fastify-bearer-auth](https://github.com/fastify/fastify-bearer-auth)
* Email us at [hello@matteocollina.com](mailto:hello@matteocollina.com)
### Impact
This vulnerability affects all accounts (vanilla and ethereum flavors) in the [v0.2.0 release of OpenZeppelin Contracts for Cairo](https://github.com/OpenZeppelin/cairo-contracts/releases/tag/v0.2.0), which are not whitelisted on StarkNet mainnet, so only goerli deployments of v0.2.0 accounts are affected. This faulty behavior is not observed in [StarkNet's testing framework](https://github.com/starkware-libs/cairo-lang/blob/master/src/starkware/starknet/testing/starknet.py), so don't rely on it passing to detect this issue on custom accounts.
### Patches
This bug has been patched in [v0.2.1](https://github.com/OpenZeppelin/cairo-contracts/releases/tag/v0.2.1).
### References
The issue is detailed in https://github.com/OpenZeppelin/cairo-contracts/issues/386.
### For more information
If you have any questions or comments about this advisory:
* Open an issue in [the Contracts for Cairo repo](https://github.com/OpenZeppelin/cairo-contracts/issues/new/choose)
* Email us at ...
In versions prior to 3.3.2, Hudson exhibits a flaw in its XML API processing that can allow access to potentially sensitive information on the filesystem of the Hudson master server.