Security
Headlines
HeadlinesLatestCVEs

Source

ghsa

GHSA-3g5w-6pw7-6hrp: Path Traversal In Eclipse GlassFish

In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a vulnerability in relative path traversal because it does not filter request path starting with './'. Successful exploitation could allow an remote unauthenticated attacker to access critical data, such as configuration files and deployed application source code.

ghsa
Open in Source
#vulnerability#web#git#java#auth#maven
GHSA-jgh8-vchw-q3g7: Permissive regex leads to domain filter bypass

### Description In SafeURL it is possible to specify a list of domains that should be matched before a request is sent out. The regex used to compare domains did not work as intended. ### Impact The regex used was: `re.match("(?i)^%s" % domain, value)` This has two problems, first that only the beginning and not the end of the string is anchored. Second, that a dot in the domain matches any character as part of regex syntax. Therefore, an allowlist of ["victim.com"] could allow the domain "victimacomattacker.com" to be requested. This has lower impact since the usual attacker aim in an SSRF is to request internal resources such as private IP addresses rather than an attacker's own domain. But, in a case where SafeURL had specifically been used to try to limit requests to a particular allowlist, say for example a PDF renderer, the finding would be more severe. ### Patches Fixed in https://github.com/IncludeSecurity/safeurl-python/pull/5 ### References [Server-side request forgery...

GHSA-h632-p764-pjqm: DataFlow upload remote code execution vulnerability

### Impact An administrator with the permissions to upload files via DataFlow and to create products was able to execute arbitrary code via the convert profile.

GHSA-5j2g-3ph4-rgvm: Fix for authenticated remote code execution through layout update

### Impact A layout block was able to bypass the block blacklist to execute remote code.

GHSA-x477-fq37-q5wr: Initial debug-host handler implementation could leak information and facilitate denial of service

### Impact version 1.5.0 and 1.6.0 when using the new `debug-host` feature could expose unnecessary information about the host ### Patches Use 1.6.1 or newer ### Workarounds Downgrade to 1.4.0 or set `debug-host` to empty ### References https://github.com/fortio/proxy/pull/38 Q&A https://github.com/fortio/proxy/discussions

GHSA-3p73-mm7v-4f6m: DoS vulnerability in MaliciousCode filter

### Impact Infinite loop in malicious code filter in certain conditions. ### Workarounds None

GHSA-5vpv-xmcj-9q85: Fix for arbitrary file deletion in customer media allows for remote code execution

### Impact Magento admin users with access to the customer media could execute code on the server.

GHSA-c9q3-r4rv-mjm7: Fix for arbitrary command execution in custom layout update through blocks

### Impact Custom Layout enabled admin users to execute arbitrary commands via block methods.

GHSA-jm3m-wr3p-hjrq: Cross-site Scripting in modoboa

Cross-site Scripting (XSS) - Stored in GitHub repository modoboa/modoboa prior to 2.0.4.

GHSA-8v53-23mx-hcf9: Improper Certificate Validation in pyload-ng

Improper Certificate Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev44.