#git

Due to a missing constraint in the rv32im circuit, any 3-register RISC-V instruction (including remu and divu) in risc0-zkvm 2.0.0, 2.0.1, and 2.0.2 are vulnerable to an attack by a malicious prover. The main idea for the attack is to confuse the RISC-V virtual machine into treating the value of the rs1 register as the same as the rs2 register due to a lack of constraints in the rv32im circuit. This vulnerability was reported by Christoph Hochrainer via our Hackenproof bug bounty. The fix for the circuit was implemented in [zirgen/pull/238](https://github.com/risc0/zirgen/pull/238), and the update to risc0 was implemented in [risc0/pull/3181](https://github.com/risc0/risc0/pull/3181). Impacted on-chain verifiers have already been disabled via the estop mechanism outlined in the [Verifier Management Design](https://github.com/risc0/risc0-ethereum/blob/release-2.0/contracts/version-management-design.md#base-verifier-implementations). ## Mitigation It is recommend all impacted users u...

A request smuggling vulnerability identified within Pingora’s proxying framework, pingora-proxy, allows malicious HTTP requests to be injected via manipulated request bodies on cache HITs, leading to unauthorized request execution and potential cache poisoning. ### Fixed in https://github.com/cloudflare/pingora/commit/fda3317ec822678564d641e7cf1c9b77ee3759ff ### Impact The issue could lead to request smuggling in cases where Pingora’s proxying framework, pingora-proxy, is used for caching allowing an attacker to manipulate headers and URLs in subsequent requests made on the same HTTP/1.1 connection.

A new detection method from Varonis Threat Labs turns hackers' sneaky random patterns into a way to catch hidden cyberattacks. Learn about Jitter-Trap and how it boosts cybersecurity defenses.

### Summary The RedirectSlashes function in middleware/strip.go is vulnerable to host header injection which leads to open redirect. ### Details The RedirectSlashes method uses the Host header to construct the redirectURL at this line https://github.com/go-chi/chi/blob/v5.2.1/middleware/strip.go#L55 The Host header can be manipulated by a user to be any arbitrary host. This leads to open redirect when using the RedirectSlashes middleware ### PoC Create a simple server which uses the RedirectSlashes middleware ``` package main import ( "fmt" "net/http" "github.com/go-chi/chi/v5" "github.com/go-chi/chi/v5/middleware" // Import the middleware package ) func main() { // Create a new Chi router r := chi.NewRouter() // Use the built-in RedirectSlashes middleware r.Use(middleware.RedirectSlashes) // Use middleware.RedirectSlashes // Define a route handler r.Get("/", func(w http.ResponseWriter, r *http.Request) { // A simple response w.Write([]byte("Hello, World!")) }) ...

Citizen Lab and Google uncovered a new, sophisticated cyberattack linked to Russian state actors that exploits App-Specific Passwords, bypassing Multi-Factor Authentication. Discover how to protect yourself from these evolving threats.

Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly enforce channel member management permissions in playbook runs, allowing authenticated users without the 'Manage Channel Members' permission to add or remove users from public and private channels by manipulating playbook run participants when the run is linked to a channel.

Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly retrieve requestorInfo from playbooks handler for guest users which allows an attacker access to the playbook run.

### Impact Under specific circumstances, text composables may contain unmasked sensitive data in Android session replays. You may be impacted if you meet the following conditions: - Using any `sentry-android` with versions < 8.14.0 - Using Jetpack Compose >= [1.8.0-alpha08](https://developer.android.com/jetpack/androidx/releases/compose-ui#1.8.0-alpha08) - Have configured Sentry Session Replays for Android If you do not use Jetpack Compose or have never used a version >= 1.8.0-alpha08 you are not impacted. If you have not configured [Session Replays for Mobile](https://docs.sentry.io/product/explore/session-replay/mobile/) you are not impacted. ### How do I check if I'm impacted? If you meet the conditions above, the `sentry-android` package includes a [specific error log](https://github.com/getsentry/sentry-java/blob/b2920907e6afb69a8027cedb251dd94a3514f0e6/sentry-android-replay/src/main/java/io/sentry/android/replay/viewhierarchy/ComposeViewHierarchyNode.kt#L252-L261) that woul...

Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to sanitize filenames in the archive extractor which allows authenticated users to write files to arbitrary locations on the filesystem via uploading archives with path traversal sequences in filenames, potentially leading to remote code execution. The vulnerability impacts instances where file uploads and document search by content is enabled (FileSettings.EnableFileAttachments = true and FileSettings.ExtractContent = true). These configuration settings are enabled by default.

Red Canary uncovers 'Mocha Manakin,' a new threat using paste and runs to deliver custom NodeInitRAT malware, potentially leading to ransomware. Learn to protect your systems.