Security
Headlines
HeadlinesLatestCVEs

Source

ghsa

GHSA-xvfj-84vc-hrmf: Answer vulnerable to Stored Cross-site Scripting

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.7.

ghsa
Open in Source
#xss#git
GHSA-rvjp-8qj4-8p29: Answer has Observable Timing Discrepancy

Observable Timing Discrepancy in GitHub repository answerdev/answer prior to 1.0.6.

GHSA-h2wg-83fc-xvm9: Answer vulnerable to Business Logic Errors

Business Logic Errors in GitHub repository answerdev/answer prior to 1.0.6.

GHSA-hwj7-frgj-7829: Answer vulnerable to Authentication Bypass by Capture-replay

Authentication Bypass by Capture-replay in GitHub repository answerdev/answer prior to 1.0.6.

GHSA-83qr-c7m9-wmgw: Answer vulnerable to Stored Cross-site Scripting

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.7.

GHSA-g44v-6qfm-f6ch: Answer has Guessable CAPTCHA

Guessable CAPTCHA in GitHub repository answerdev/answer prior to 1.0.6.

GHSA-79hx-g43v-xfmr: Answer vulnerable to Insufficient Session Expiration

Insufficient Session Expiration in GitHub repository answerdev/answer prior to 1.0.6.

GHSA-rwmf-w63j-p7gv: CairoSVG improperly processes SVG files loaded from external resources

# SSRF vulnerability ## Summary When CairoSVG processes an SVG file, it can make requests to the inner host and different outside hosts. ## Operating system, version and so on Linux, Debian (Buster) LTS core 5.10 / Parrot OS 5.1 (Electro Ara), python 3.9 ## Tested CairoSVG version 2.6.0 ## Details A specially crafted SVG file that loads an external resource from a URL. Remote attackers could exploit this vulnerability to cause a scan of an organization's internal resources or a DDOS attack on external resources. It looks like this bug can affect websites and cause request forgery on the server. ## PoC 1. Generating malicious svg file: 1.1 CairoSVG_exploit.svg: ```svg <?xml version="1.0" standalone="yes"?> <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"> <svg width="128px" height="128px" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1"> <image height="200" width="200" xlink:href...

GHSA-c24f-2j3g-rg48: kaml has potential denial of service while parsing input with anchors and aliases

### Impact Applications that use kaml to parse untrusted input containing anchors and aliases may consume excessive memory and crash. ### Patches Version 0.53.0 and later default to refusing to parse YAML documents containing anchors and aliases. ### Workarounds None. ### References Wikipedia has an explanation of this class of vulnerability: [billion laughs attack](https://en.wikipedia.org/wiki/Billion_laughs_attack) ### Acknowledgements Thank you to @gdude2002 for reporting this issue.

GHSA-ppjr-267j-5p9x: NULL pointer derefernce in `stb_image`

A bug in error handling in the `stb_image` C library could cause a NULL pointer dereference when attempting to load an invalid or unsupported image file. This is fixed in version 0.2.5 and later of the `stb_image` Rust crate, by patching the C code to correctly handle NULL pointers. Thank you to GitHub user 0xdd96 for finding and fixing this vulnerability.