Security
Headlines
HeadlinesLatestCVEs

Source

ghsa

GHSA-2h44-x2wx-49f4: Potential HTTP policy bypass when using header rules in Cilium

### Impact This issue only impacts users who: - Have a HTTP policy that applies to multiple `toEndpoints` AND - Have an allow-all rule in place that affects only one of those endpoints In such cases, a wildcard rule will be appended to the set of HTTP rules, which could cause bypass of HTTP policies. ### Patches This issue has been patched in Cilium 1.11.16, 1.12.9, and 1.13.2. ### Workarounds Rewrite HTTP rules for each endpoint separately. For example, if the initial rule looks like: ``` egress: - toEndpoints: - matchLabels: k8s:kind: echo - matchLabels: k8s:kind: example toPorts: - ports: - port: "8080" protocol: TCP rules: http: - method: "GET" ``` It should be rewritten to: ``` egress: - toEndpoints: - matchLabels: k8s:kind: echo toPorts: - ports: - port: "8080" protocol: TCP ...

ghsa
Open in Source
#vulnerability#git#kubernetes
GHSA-mxhg-rvwx-x993: Invalid push request payload crashes Parse Server

### Impact The Parse Server Push Adapter can crash Parse Server due to an invalid push notification payload. ### Patches Invalid push notification payload is caught and an logged. ### Workarounds n/a ### References - https://github.com/parse-community/parse-server-push-adapter/security/advisories/GHSA-mxhg-rvwx-x993 - https://github.com/parse-community/parse-server-push-adapter/pull/217

GHSA-m6m8-6gq8-c9fj: Remote Code Execution Vulnerability in Validation Placeholders in CodeIgniter4

### Impact This vulnerability allows attackers to execute arbitrary code when you use Validation Placeholders. The vulnerability exists in the Validation library, and validation methods in the controller and in-model validation are also vulnerable because they use the Validation library internally. ### Patches Upgrade to v4.3.5 or later. ### Workarounds Setting validation rules with an array. E.g.: ```php $validation->setRules([ 'email' => ['required', 'valid_email, 'is_unique[users.email,id,{id}]'], ]); ``` ### References - https://codeigniter4.github.io/userguide/libraries/validation.html#validation-placeholders - https://codeigniter4.github.io/userguide/incoming/controllers.html#validating-data - https://codeigniter4.github.io/userguide/models/model.html#in-model-validation

GHSA-qjrq-hm79-49ww: ginuerzh/gost vulnerable to Timing Attack

[Timing attacks](https://en.wikipedia.org/wiki/Timing_attack) occur when an attacker can guess a secret by observing a difference in processing time for valid and invalid inputs. Sensitive secrets such as passwords, token and API keys should be compared only using a constant-time comparision function. More information on this attack type can be found in [this blog post](https://verboselogging.com/2012/08/20/a-timing-attack-in-action). # Root Cause Analysis In this case, the vulnerability occurs due to the following code. https://github.com/ginuerzh/gost/blob/1c62376e0880e4094bd3731e06bd4f7842638f6a/auth.go#L46-L46 Here, a untrusted input, sourced from a HTTP header, is compared directly with a secret. Since, this comparision is not secure, an attacker can mount a side-channel timing attack to guess the password. # Remediation This can be easily fixed using a constant time comparing function such as `crypto/subtle`'s `ConstantTimeCompare`. An example fix can be found in https:/...

GHSA-qg36-9jxh-fj25: Incorrect signature verification in django-ses

The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests are signed by AWS and are verified by django_ses, however the verification of this signature was found to be flawed as it allowed users to specify arbitrary public certificates.

GHSA-x7c2-7wvg-jpx7: kiwitcms vulnerable to stored XSS via unrestricted files upload

### Impact Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files from being uploaded, see [GHSA-fwcf-753v-fgcj](https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-fwcf-753v-fgcj) and Content-Security-Policy definition to prevent cross-site-scripting attacks, see [GHSA-2wcr-87wf-cf9j](https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-2wcr-87wf-cf9j). The upload validation checks were not robust enough which left the possibility of an attacker to circumvent them and upload a potentially dangerous file. Exploting this flaw a combination of files could be uploaded so that they work together to circumvent the existing Content-Security-Policy and allow execution of arbitrary JavaScript in the browser. ### Patches - File upload validation code has been improved - Kiwi TCMS will now force `Content-Type: text/plain` when serving uploaded files ...

GHSA-h79m-5cm2-278c: User data exposure in Apache InLong

Insecure Default Initialization of Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.5.0 through 1.6.0. Users registered in InLong who joined later can see deleted users' data. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 to solve it.

GHSA-5gj6-62g7-vmgf: Hazelcast vulnerable to unmasked password exposure

In Hazelcast before 5.3.0, configuration routines don't mask passwords in the member configuration properly. This allows Hazelcast Management Center users to view some of the secrets.

GHSA-xp5g-jhg3-3rg2: Double spend in snarkjs

iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus.

GHSA-4gm9-c9jq-g523: Froxlor vulnerable to Allocation of Resources Without Limits or Throttling

Froxlor prior to 2.0.16 has a password reset page with no rate limit.