Security
Headlines
HeadlinesLatestCVEs

Tag

#git

GHSA-6g3j-p5g6-992f: OpenSearch StackOverflow vulnerability

### Impact A flaw was discovered in OpenSearch, affecting the `_search` API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service. The issue was identified by Elastic Engineering and corresponds to security advisory [ESA-2023-14](https://discuss.elastic.co/t/elasticsearch-8-9-1-7-17-13-security-update/343297) (CVE-2023-31419). ### Mitigation Versions 1.3.14 and 2.11.1 contain a fix for this issue. ### For more information If you have any questions or comments about this advisory, please contact AWS/Amazon Security via our issue reporting page (https://aws.amazon.com/security/vulnerability-reporting/) or directly via email to [aws-security@amazon.com](mailto:aws-security@amazon.com). Please do not create a public GitHub issue.

ghsa
Open in Source
#vulnerability#amazon#dos#git#java#aws#maven
GHSA-r8j9-5cj7-cv39: Reflected XSS Vulnerability in dpaste

### Impact A security vulnerability has been identified in the expires parameter of the dpaste API, allowing for a POST Reflected XSS attack. This vulnerability can be exploited by an attacker to execute arbitrary JavaScript code in the context of a user's browser, potentially leading to unauthorized access, data theft, or other malicious activities. ### Patches - A patch has been applied to the dpaste GitHub repository to address the specific content value injection vulnerability. - Users are strongly advised to upgrade to dpaste release v3.8 or later versions, as dpaste versions older than v3.8 are susceptible to the identified security vulnerability. - The patch can be viewed and applied from the following link: [dpaste Commit Patch](https://github.com/DarrenOfficial/dpaste/commit/44a666a79b3b29ed4f340600bfcf55113bfb7086.patch) ### Workarounds At this time, the recommended course of action is to apply the provided patch to the affected systems. No known workarounds have been ident...

CVE-2023-48813: CVE-ID-not-yet/slims/slims9_bulian-9.6.1-SQLI-fines_report.md at main · komangsughosa/CVE-ID-not-yet

Senayan Library Management Systems (Slims) 9 Bulian v9.6.1 is vulnerable to SQL Injection via admin/modules/reporting/customs/fines_report.php.

GHSA-fg29-37px-c7wm: RuoYi vulnerable to SQL injection vulnerability

RuoYi up to v4.6 was discovered to contain a SQL injection vulnerability via /system/dept/edit.

CVE-2023-49371: RuoYi-v4.6-vulnerability/Ruoyiv4.6.md at main · Maverickfir/RuoYi-v4.6-vulnerability

RuoYi up to v4.6 was discovered to contain a SQL injection vulnerability via /system/dept/edit.

The US Needs to Follow Germany's Attack-Detection Mandate

A more proactive approach to fighting cyberattacks for US companies and agencies is shaping up under the CISA's proposal to emphasize real-time attack detection and response.

WBCE CMS 1.6.1 Shell Upload

WBCE CMS version 1.6.1 suffers from a remote shell upload vulnerability.

CVE-2023-6461: Cross Site Scripting (XSS) in Layers of Image in minipaint

Cross-site Scripting (XSS) - Reflected in GitHub repository viliusle/minipaint prior to 4.14.0.

Explained: Domain fronting

Domain fronting is a technique to hide the true origin of HTTPS requests by hiding the real domain name encrypted inside a legitimate TLS request.

Simple Hacking Technique Can Extract ChatGPT Training Data

Apparently all it takes to get a chatbot to start spilling its secrets is prompting it to repeat certain words like "poem" forever.