#git

### Summary Renovate can be tricked into executing shell code while updating the Gradle Wrapper. A malicious `distributionUrl` in `gradle/wrapper/gradle-wrapper.properties` can lead to command execution in the Renovate runtime. ### Details When Renovate handles Gradle Wrapper artifacts, it may run a wrapper update command such as: - `./gradlew :wrapper --gradle-distribution-url <value>` In the observed behavior, Renovate executes this via a shell (e.g., `/bin/sh -c ...`). If `distributionUrl` contains shell command substitution syntax like `$(...)`, the shell evaluates it **before** Gradle validates/parses the URL. After that, Gradle attempts to parse the URL as a URI and fails with `URISyntaxException`, but the shell substitution has already executed. This is reproducible even when `allowScripts` is disabled (default is OFF), because this execution happens as part of Gradle Wrapper artifact handling rather than “repository install scripts”. Prerequisites / attack conditions: - ...

### Impact Gin-vue-admin <= v2.8.7 has a path traversal vulnerability in the breakpoint resume upload functionality. Attacker can upload any files on any directory. Path traversal vulnerabilities occur when a web application accepts user-supplied file paths without proper validation, allowing attackers to access or write files outside the intended directory. In the breakpoint_continue.go file, the MakeFile function accepts a fileName parameter through the /fileUploadAndDownload/breakpointContinueFinish API endpoint and directly concatenates it with the base directory path (./fileDir/) using os.OpenFile() without any validation for directory traversal sequences (e.g., ../). Notably, while the related makeFileContent function in the same file properly validates the fileName parameter by checking for .. sequences, the MakeFile function lacks this security control, indicating an inconsistent security implementation. An **attacker with file upload privileges (role ID 888 - super administ...

### Impact The MCP server generation logic relies on string manipulation that incorporates the summary field from the OpenAPI specification without proper validation or escaping. This allows an attacker to "break out" of the string literal and inject arbitrary code. Here is an example OpenAPI with the exploit ```yaml openapi: 3.0.4 info: title: Swagger Petstore - OpenAPI 3.0 description: |- This is a sample Pet Store Server based on the OpenAPI 3.0 specification. You can find out more about Swagger at [https://swagger.io](https://swagger.io). In the third iteration of the pet store, we've switched to the design first approach! You can now help us improve the API whether it's by making changes to the definition itself or to the code. That way, with time, we can improve the API in general, and expose some of the new features in OAS3. Some useful links: - [The Pet Store repository](https://github.com/swagger-api/swagger-petstore) - [The source API defin...

## Impact **Vulnerability Type**: CRLF Injection via ConfigParser An attacker can inject special characters into HTTP query parameters to add arbitrary configuration values to the `config.ini` file. This can lead to security setting tampering or modification of application behavior. **Affected Users**: Users running ComfyUI-Manager in environments where ComfyUI is configured with the `--listen` option to allow remote access. **CVSS Score**: 7.5 (High) ## Patches Fixed in the following versions: - **3.39.2** (v3.x branch) - **4.0.5** (v4.x branch) Sanitization logic was added to the `write_config()` function to remove CRLF and NULL characters from all string values. ## Workarounds If upgrading is not possible: - Run ComfyUI-Manager only on trusted networks - Block external access via firewall - Run on localhost only without the `--listen` option ## References - [CWE-93: Improper Neutralization of CRLF Sequences](https://cwe.mitre.org/data/definitions/93.html) - [OWASP CRLF In...

### Summary OpenC3 COSMOS contains a critical remote code execution vulnerability reachable through the JSON-RPC API. When a JSON-RPC request uses the string form of certain APIs, attacker-controlled parameter text is parsed into values using String#convert_to_value. For array-like inputs, convert_to_value executes eval(). Because the cmd code path parses the command string before calling authorize(), an unauthenticated attacker can trigger Ruby code execution even though the request ultimately fails authorization (401).

## Impact TOCTOU (Time-of-Check-Time-of-Use) vulnerabilities in `virtualenv` allow local attackers to perform symlink-based attacks on directory creation operations. An attacker with local access can exploit a race condition between directory existence checks and creation to redirect virtualenv's app_data and lock file operations to attacker-controlled locations. **Affected versions:** All versions up to and including 20.36.1 **Affected users:** Any user running `virtualenv` on multi-user systems where untrusted local users have filesystem access to shared temporary directories or where `VIRTUALENV_OVERRIDE_APP_DATA` points to a user-writable location. **Attack scenarios:** - Cache poisoning: Attacker corrupts wheels or Python metadata in the cache - Information disclosure: Attacker reads sensitive cached data or metadata - Lock bypass: Attacker controls lock file semantics to cause concurrent access violations - Denial of service: Lock starvation preventing virtualenv operations ...

## Vulnerability Summary **Title:** Time-of-Check-Time-of-Use (TOCTOU) Symlink Vulnerability in SoftFileLock **Affected Component:** `filelock` package - `SoftFileLock` class **File:** `src/filelock/_soft.py` lines 17-27 **CWE:** CWE-362, CWE-367, CWE-59 --- ## Description A TOCTOU race condition vulnerability exists in the `SoftFileLock` implementation of the filelock package. An attacker with local filesystem access and permission to create symlinks can exploit a race condition between the permission validation and file creation to cause lock operations to fail or behave unexpectedly. The vulnerability occurs in the `_acquire()` method between `raise_on_not_writable_file()` (permission check) and `os.open()` (file creation). During this race window, an attacker can create a symlink at the lock file path, potentially causing the lock to operate on an unintended target file or leading to denial of service. ### Attack Scenario ``` 1. Lock attempts to acquire on /tmp/app.lock 2. ...

### Summary Users can crash the vLLM engine serving multimodal models that use the _Idefics3_ vision model implementation by sending a specially crafted 1x1 pixel image. This causes a tensor dimension mismatch that results in an unhandled runtime error, leading to complete server termination. ### Details The vulnerability is triggered when the image processor encounters a 1x1 pixel image with shape (1, 1, 3) in HWC (Height, Width, Channel) format. Due to the ambiguous dimensions, the processor incorrectly assumes the image is in CHW (Channel, Height, Width) format with shape (3, H, W). This misinterpretation causes an incorrect calculation of the number of image patches, resulting in a fatal tensor split operation failure. **Crash location**: `vllm/model_executor/models/idefics3.py` line 672: ```python def _process_image_input(self, image_input: ImageInputs) -> torch.Tensor | list[torch.Tensor]: # ... num_patches = image_input["num_patches"] return [e.flatten(0, 1) for e ...

Telegram will add a warning for proxy links after reports showed they can expose user IP addresses with a single click, bypassing VPN or privacy settings.

Cybersecurity researchers have discovered a major web skimming campaign that has been active since January 2022, targeting several major payment networks like American Express, Diners Club, Discover, JCB Co., Ltd., Mastercard, and UnionPay. "Enterprise organizations that are clients of these payment providers are the most likely to be impacted," Silent Push said in a report published today.