#js

### Impact The implementation of the following functions were determined to include a use-after-free bug: * `FetchEvent.client.tlsCipherOpensslName` * `FetchEvent.client.tlsProtocol` * `FetchEvent.client.tlsClientCertificate` * `FetchEvent.client.tlsJA3MD5` * `FetchEvent.client.tlsClientHello` * `CacheEntry.prototype.userMetadata` of the `fastly:cache` subsystem * `Device.lookup` of the `fastly:device` subsystem This bug could allow for an unintended data leak if the result of the preceding functions were sent anywhere else, and often results in a Compute service crash causing an HTTP 500 error to be returned. As all requests to Compute are isolated from one another, the only data at risk is data present for a single request. ### Patches This bug has been fixed in version 3.16.0 of the `@fastly/js-compute` package. ### Workarounds There are no workarounds for this bug, any use of the affected functions introduces the possibility of a data leak or crash in guest code.

### Summary Markdown-based comments in the ZenUML diagram syntax are susceptible to Cross-site Scripting (XSS). ### Details The comment feature allows the user to attach small notes for reference. This feature allows the user to enter in their comment in markdown comment, allowing them to use common markdown features, such as `**` for bolded text. However, the markdown text is currently not sanitized before rendering, allowing an attacker to enter a malicious payload for the comment which leads to XSS. https://github.com/mermaid-js/zenuml-core/blob/dcfee8cde42673c09e19401f43ad8506658c8442/src/components/DiagramFrame/SeqDiagram/MessageLayer/Block/Statement/Comment/Comment.vue#L65 ### PoC ``` // p<img onerror=alert(1) src=""/> A->B:hi ``` Above is a POC diagram payload that results in an XSS. Here is a similar POC in mermaid.live: https://mermaid.live/edit#pako:eNpNjrFuwyAQhl8F3dRK1DaQGhs1kVq1Y6duFQsylwTVgEWw1MTyuxc5S7df39399y0wRIug4IZh9qMOdU2mF-dPJAZMKaa9GTHlB_ZILmnYa9BQH3R4fTq8...

Affected devices could include wireless access points, routers, switches and VPNs.

Debian Linux Security Advisory 5720-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Debian Linux Security Advisory 5719-1 - It was discovered that Emacs is prone to arbitrary shell code evaluation when opening a specially crafted Org file.

Automad version 2.0.0-alpha.4 suffers from a persistent cross site scripting vulnerability.

Ubuntu Security Notice 6746-2 - USN-6746-1 fixed vulnerabilities in Google Guest Agent and Google OS Config Agent. This update provides the corresponding update for Ubuntu 24.04 LTS. It was discovered that Google Guest Agent and Google OS Config Agent incorrectly handled certain JSON files. An attacker could possibly use this issue to cause a denial of service.

Google has taken steps to block ads for e-commerce sites that use the Polyfill.io service after a Chinese company acquired the domain and modified the JavaScript library ("polyfill.js") to redirect users to malicious and scam sites. More than 110,000 sites that embed the library are impacted by the supply chain attack, Sansec said in a Tuesday report. Polyfill is a popular library that

Debian Linux Security Advisory 5715-2 - The update for composer released as DSA 5715 introduced a regression in the handling of git feature branches. Updated composer packages are now available to address this issue.

Threat actors are exploiting a novel attack technique in the wild that leverages specially crafted management saved console (MSC) files to gain full code execution using Microsoft Management Console (MMC) and evade security defenses. Elastic Security Labs has codenamed the approach GrimResource after identifying an artifact ("sccm-updater.msc") that was uploaded to the VirusTotal malware