#auth

json-schema-editor-visual is a package that provides jsonschema editor. A Prototype Pollution vulnerability in the setData and deleteData function of json-schema-editor-visual versions thru 1.1.1 allows attackers to inject or delete properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence.

A Prototype Pollution vulnerability in the toCsv function of csvjson versions thru 5.1.0 allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence.

spmrc is a package that provides the rc manager for spm. A Prototype Pollution vulnerability in the set and config function of spmrc version 1.2.0 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence.

parse is a package designed to parse JavaScript SDK. A Prototype Pollution vulnerability in the SingleInstanceStateController.initializeState function of parse version 5.3.0 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence.

fast-redact is a package that provides do very fast object redaction. A Prototype Pollution vulnerability in the nestedRestore function of fast-redact version 3.5.0 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence.

### Summary The EmbedVideo extension allows adding arbitrary attributes to an HTML element, allowing for stored XSS through wikitext. ### Details The attributes of an iframe are populated with the value of an unreserved data attribute (`data-iframeconfig`) that can be set via wikitext: https://github.com/StarCitizenWiki/mediawiki-extensions-EmbedVideo/blob/440fb331a84b2050f4cc084c1d31d58a1d1c202d/resources/ext.embedVideo.videolink.js#L5-L20 Similar code is also present here: https://github.com/StarCitizenWiki/mediawiki-extensions-EmbedVideo/blob/440fb331a84b2050f4cc084c1d31d58a1d1c202d/resources/modules/iframe.js#L139-L155 It is possible to execute JS through attributes like `onload` or `onmouseenter`. ### PoC 1. Create a page with the following contents: ```html <div class="embedvideo-evl" data-iframeconfig='{"onload": "alert(1)"}'>Click me!</div> <evlplayer></evlplayer> ``` 2. Click on the "Click me!" text 3. Click on the "Load video" button below <img width="855" height="404" a...

## Overview Omni and each Talos machine establish a peer-to-peer (P2P) SideroLink connection using WireGuard to mutually authenticate and authorize access. In this setup, Omni assigns a random IPv6 address to each Talos machine from a `/64` network block. Omni itself uses the fixed `::1` address within that same block. From Omni's perspective, this is a WireGuard interface with multiple peers, where each peer corresponds to a Talos machine. The WireGuard interface on Omni is configured to ensure that the **source IP address** of an incoming packet matches the IPv6 address assigned to the Talos peer. However, it **performs no validation on the packet's destination address**. The Talos end of the SideroLink connection cannot be considered a trusted environment. Workloads running on Kubernetes, especially those configured with host networking, could gain direct access to this link. Therefore, a malicious workload could theoretically send arbitrary packets over the SideroLink interface...

### Impact v3.1.0, v2.1.3, v1.16.5 and below ### Patches Has been patched in 3.1.1, 2.1.4, and 1.16.6 ### Workarounds You can use the ignore option to ignore non files/directories. ```js ignore (_, header) { // pass files & directories, ignore e.g. symlinks return header.type !== 'file' && header.type !== 'directory' } ``` ### Credit Reported by: Mapta / BugBunny_ai

A security flaw has been discovered in Mangati NovoSGA up to 2.2.9. The impacted element is an unknown function of the file /admin of the component SVG File Handler. Performing manipulation of the argument logoNavbar/logoLogin results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

The csvtojson package, a tool for converting CSV data to JSON with customizable parsing capabilities, contains a prototype pollution vulnerability in versions prior to 2.0.10. This issue arises due to insufficient sanitization of nested header names during the parsing process in the parser_jsonarray component. When processing CSV input containing specially crafted header fields that reference prototype chains (e.g., using __proto__ syntax), the application may unintentionally modify properties of the base Object prototype. This vulnerability can lead to denial of service conditions or unexpected behavior in applications relying on unmodified prototype chains, particularly when untrusted CSV data is processed. The flaw does not require user interaction beyond providing a maliciously constructed CSV file.