#js

Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 on WordPress leading to plugin settings import.

Nonce token leakage and missing authorization in SearchWP premium plugin <= 4.2.5 on WordPress leading to plugin settings change.

Microsoft released its monthly security update on Tuesday, disclosing 62 vulnerabilities. Of these vulnerabilities, 8 are classified as “Critical” and the rest are classified as “Important.”

### Impact Due to incorrect escaping of special characters in paths selected via the file dialog and drag and drop functionality, it was possible to partially bypass the `fs` scope definition. It was not possible to traverse into arbitrary paths, as the issue was limited to neighboring files and sub folders of already allowed paths. The impact differs on Windows, MacOS and Linux due to different specifications of valid path characters. On Linux or MacOS based systems it was possible to use the `*`, `**` and `[a-Z]` patterns inside a path, which allowed to read the content of sub directories and single character files in a folder, where only specific files or the directory itself were allowed. On Windows `[a-Z]` was the possible bypass pattern, as `*` is not treated as a valid path component. This implies that only single character files inside an already allowed directory were unintentionally accessible. This bypass depends on the file picker dialog or dragged files, as user selec...

Rapid remedy follows reawakening of long-dormant bug threat

Red Hat Security Advisory 2022-7457-01 - The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Issues addressed include information leakage and memory exhaustion vulnerabilities.

Red Hat Security Advisory 2022-7645-01 - OpenJPEG is an open source library for reading and writing image files in JPEG2000 format.

Red Hat Security Advisory 2022-7581-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Red Hat Security Advisory 2022-7813-01 - The zlib packages provide a general-purpose lossless data compression library that is used by many different programs.

Red Hat Security Advisory 2022-7830-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and bypass vulnerabilities.