#js

Owncast is an open source, self-hosted, decentralized, single user live video streaming and chat server. The Owncast application exposes an administrator API at the URL /api/admin. The emoji/delete endpoint of said API allows administrators to delete custom emojis, which are saved on disk. The parameter name is taken from the JSON request and directly appended to the filepath that points to the emoji to delete. By using path traversal sequences (../), attackers with administrative privileges can exploit this endpoint to delete arbitrary files on the system, outside of the emoji directory. This vulnerability is fixed in 0.1.3.

memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/httpmeta that allows unauthenticated users to enumerate the internal network and receive limited html values in json form. This vulnerability is fixed in 0.16.1.

Editor.js is a block-style editor with clean JSON output. Versions prior to 2.26.0 are vulnerable to Code Injection via pasted input. The processHTML method passes pasted input into wrapper’s innerHTML. This issue is patched in version 2.26.0.

### Summary The `navigateTo` function attempts to blockthe `javascript:` protocol, but does not correctly use API's provided by `unjs/ufo`. This library also contains parsing discrepancies. ### Details The function first tests to see if the specified [URL has a protocol](https://github.com/nuxt/nuxt/blob/fa9d43753d25fc2e8c3107f194b2bab6d4ebcb9a/packages/nuxt/src/app/composables/router.ts#L142). This uses the [unjs/ufo](https://github.com/unjs/ufo) package for URL parsing. This function works effectively, and returns true for a `javascript:` protocol. After this, the URL is parsed using the [`parseURL`](https://github.com/unjs/ufo/blob/e970686b2acae972136f478732450f6a2f1ab5e5/src/parse.ts#L47) function. This function will refuse to parse poorly formatted URLs. Parsing `javascript:alert(1)` returns null/"" for all values. Next, the protocol of the URL is then checked using the [`isScriptProtocol`](https://github.com/unjs/ufo/blob/e970686b2acae972136f478732450f6a2f1ab5e5/src/utils.ts#...

Debian Linux Security Advisory 5737-1 - If LibreOffice failed to validate a signed macro, it displayed a warning but still allowed execution of the script after printing a warning. Going forward in high macro security mode such macros are now disabled.

Debian Linux Security Advisory 5736-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service, information disclosure or bypass of Java sandbox restrictions.

Ubuntu Security Notice 6943-1 - It was discovered that Tomcat incorrectly handled certain uncommon PersistenceManager with FileStore configurations. A remote attacker could possibly use this issue to execute arbitrary code. This issue only affected tomcat8 for Ubuntu 18.04 LTS It was discovered that Tomcat incorrectly handled certain HTTP/2 connection requests. A remote attacker could use this issue to obtain wrong responses possibly containing sensitive information. This issue only affected tomcat8 for Ubuntu 18.04 LTS

Computer Laboratory Management System version 1.0 suffers from an incorrect access control that allows for privilege escalation.

Red Hat Security Advisory 2024-4982-03 - OpenShift API for Data Protection 1.3.3 is now available. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-4972-03 - An update is now available for Red Hat OpenShift GitOps v1.11.7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a denial of service vulnerability.