Security
Headlines
HeadlinesLatestCVEs

Source

ghsa

GHSA-rj88-4777-828h: Command injection in docker-tester

OS Command injection vulnerability in Mintzo Docker-Tester through 1.2.1 allows attackers to execute arbitrary commands via shell metacharacters in the 'ports' entry of a crafted docker-compose.yml file.

ghsa
Open in Source
#vulnerability#git#docker
GHSA-fj34-jhjx-xmvv: Arbitrary file write in dragonfly

An argument injection vulnerability in Dragonfly Ruby Gem v1.3.0 allows attackers to read and write arbitrary files when the verify_url option is disabled. This vulnerability is exploited via a crafted URL.

GHSA-2927-hv3p-f3vp: Open redirect in caddy

Caddy v2.4 was discovered to contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links.

GHSA-2x4v-g8cx-jxrq: Login timing attack in ibexa/core

Ibexa DXP is using random execution time to hinder timing attacks against user accounts, a method of discovering whether a given account exists in a system without knowing its password, thus affecting privacy. This implementation was found to not be good enough in some situations. The fix replaces this with constant time functionality, configured in the new security.yml parameter 'ibexa.security.authentication.constant_auth_time'. It will log a warning if the constant time is exceeded. If this happens the setting should be increased.

GHSA-xfqg-p48g-hh94: Login timing attack in ezsystems/ezpublish-kernel

Ibexa DXP is using random execution time to hinder timing attacks against user accounts, a method of discovering whether a given account exists in a system without knowing its password, thus affecting privacy. This implementation was found to not be good enough in some situations. The fix replaces this with constant time functionality, configured in the new security.yml parameter 'ibexa.security.authentication.constant_auth_time'. It will log a warning if the constant time is exceeded. If this happens the setting should be increased.

GHSA-342c-vcff-2ff2: Login timing attack in ezsystems/ezplatform-kernel

Ibexa DXP is using random execution time to hinder timing attacks against user accounts, a method of discovering whether a given account exists in a system without knowing its password, thus affecting privacy. This implementation was found to not be good enough in some situations. The fix replaces this with constant time functionality, configured in the new security.yml parameter 'ibexa.security.authentication.constant_auth_time'. It will log a warning if the constant time is exceeded. If this happens the setting should be increased.

GHSA-56j7-2pm8-rgmx: OS Command Injection in gogs

### Impact The malicious user is able to update a crafted `config` file into repository's `.git` directory with to gain SSH access to the server. All installations with [repository upload enabled (default)](https://github.com/gogs/gogs/blob/f36eeedbf89328ee70cc3a2e239f6314f9021f58/conf/app.ini#L127-L129) are affected. ### Patches Repository file updates are prohibited to its `.git` directory. Users should upgrade to 0.12.8 or the latest 0.13.0+dev. ### Workarounds N/A ### References N/A ### For more information If you have any questions or comments about this advisory, please post on #6555.

GHSA-958j-443g-7mm7: OS Command Injection in gogs

### Impact The malicious user is able to upload a crafted `config` file into repository's `.git` directory with to gain SSH access to the server. All Windows installations with [repository upload enabled (default)](https://github.com/gogs/gogs/blob/f36eeedbf89328ee70cc3a2e239f6314f9021f58/conf/app.ini#L127-L129) are affected. ### Patches Repository file uploads are prohibited to its `.git` directory. Users should upgrade to 0.12.8 or the latest 0.13.0+dev. ### Workarounds [Disable repository files upload](https://github.com/gogs/gogs/blob/f36eeedbf89328ee70cc3a2e239f6314f9021f58/conf/app.ini#L128-L129). ### References https://www.huntr.dev/bounties/9cd4e7b7-0979-4e5e-9a1c-388b58dea76b/ ### For more information If you have any questions or comments about this advisory, please post on #6968.

GHSA-pj96-4jhv-v792: Cross site scripting via cookies in gogs

### Impact There is no known practical impact other than it is just possible to manipulate CSRF cookie and XSS the malicious user self. ### Patches Invalid characters of CSRF tokens are stripped after reading cookie. Users should upgrade to 0.12.8 or the latest 0.13.0+dev. ### Workarounds No need for workarounds. ### References N/A ### For more information If you have any questions or comments about this advisory, please post on https://github.com/gogs/gogs/issues/6953.

GHSA-f5x9-8jwc-25rw: Uncaught Exception (due to a data race) leads to process termination in Waitress

### Impact Waitress may terminate early due to a thread closing a socket while the main thread is about to call select(). This will lead to the main thread raising an exception that is not handled and then causing the entire application to be killed. ### Patches This issue has been fixed in Waitress 2.1.2 by no longer allowing the WSGI thread to close the socket, instead it is always delegated to the main thread. ### Workarounds There is no work-around, however users using waitress behind a reverse proxy server are less likely to have issues if the reverse proxy always reads the full response. ### For more information If you have any questions or comments about this advisory: * Open an issue in https://github.com/Pylons/waitress/issues (if not sensitive or security related) * email the Pylons Security mailing list: [pylons-project-security@googlegroups.com](mailto:pylons-project-security@googlegroups.com) (if security related)