#vulnerability

### Summary There are three potential attacks of arbitrary code injection vulnerability in the composite action at _action.yml_. ### Details The GitHub Action variables `inputs.prek-version`, `inputs.extra_args`, and `inputs.extra-args` can be used to execute arbitrary code in the context of the action. ### PoC ```yaml - uses: j178/prek-action@v1.0.5 with: prek-version: $(printenv >> $GITHUB_STEP_SUMMARY && echo "0.2.2") extra_args: '&& echo "MY_SECRET with a character is: ${MY_SECRET:0:1}a${MY_SECRET:1}" >> $GITHUB_STEP_SUMMARY && echo ""' env: MY_SECRET: ${{ secrets.MY_SECRET }} ``` The previous example will print all the environment variables, and it will expose `MY_SECRET` environment variable value to the summary of the workflow. An attacker could potentially use this vector to compromise the security of the target repository, even passing unnotice because the action will run normally. ### Impact Critical, CWE-94

### Impact CWE-20: Improper Input Validation Low impact ### Patches Patched in v7.1.8 (commit https://github.com/mondeja/mkdocs-include-markdown-plugin/commit/7466d67aa0de8ffbc427204ad2475fed07678915) ### Workarounds No

### Impact Due to incorrect handling of the `mail.Address` values when a sender- or recipient address is passed to the corresponding `MAIL FROM` or `RCPT TO` commands of the SMTP client, this could lead to a possible wrong address routing or even to ESMTP parameter smuggling. #### Vulnerability details Instead of making use of the `String()` method of `mail.Address`, which takes care of proper escaping and quotation of mail address, we used the `Address` value of the `mail.Address` which is the raw value when passing it to our SMTP client. This meant, if a mail address like this was set: `"toni.tester@example.com> ORCPT=admin@admin.com"@example.com` for a sender or recipient, instead of the correctly quoted/escaped address, the SMTP client would get the raw value passed which would translate into something like this being passed to the SMTP server: `RCPT TO:<toni.tester@example.com> ORCPT=admin@admin.com@example.com>`. Since ORCTP is a valid command for the SMTP server, the mail wo...

SafeDep `vet` is vulnerable to a DNS rebinding attack due to lack of HTTP `Host` and `Origin` header validation. To exploit this vulnerability following conditions must be met: 1. A `vet` scan is executed and reports are saved as `sqlite3` database 2. A `vet` MCP server is running on default port with SSE transport that has access to the report database 3. The attacker lures the victim to attacker controlled website 4. Attacker leverages DNS rebinding to access `vet` SSE server on `127.0.0.1` through the website 5. Attacker uses MCP tools to read information from report database ### Impact Data from `vet` scan sqlite3 database may be exposed to remote attackers when `vet` is used as an MCP server in SSE mode with default ports through the sqlite3 query MCP tool. ### Patches * `v1.12.5` is released that patches the issue with `Host` and `Origin` header allow list and validation ### Workarounds * Use `stdio` (default) transport for SSE server

Cybersecurity never stops—and neither do hackers. While you wrapped up last week, new attacks were already underway. From hidden software bugs to massive DDoS attacks and new ransomware tricks, this week’s roundup gives you the biggest security moves to know. Whether you’re protecting key systems or locking down cloud apps, these are the updates you need before making your next security

Security leaders are embracing AI for triage, detection engineering, and threat hunting as alert volumes and burnout hit breaking points. A comprehensive survey of 282 security leaders at companies across industries reveals a stark reality facing modern Security Operations Centers: alert volumes have reached unsustainable levels, forcing teams to leave critical threats uninvestigated. You can

Cybersecurity researchers have discovered what has been described as the first-ever instance of a Model Context Protocol (MCP) server spotted in the wild, raising software supply chain risks. According to Koi Security, a legitimate-looking developer managed to slip in rogue code within an npm package called "postmark-mcp" that copied an official Postmark Labs library of the same name. The

Singapore, Singapore, 29th September 2025, CyberNewsWire

The llama-index-core package, up to version 0.12.44, contains a vulnerability in the `get_cache_dir()` function where a predictable, hardcoded directory path `/tmp/llama_index` is used on Linux systems without proper security controls. This vulnerability allows attackers on multi-user systems to steal proprietary models, poison cached embeddings, or conduct symlink attacks. The issue affects all Linux deployments where multiple users share the same system. The vulnerability is classified under CWE-379, CWE-377, and CWE-367, indicating insecure temporary file creation and potential race conditions.

Versions of the package algoliasearch-helper from 2.0.0-rc1 and before 3.11.2 are vulnerable to Prototype Pollution in the _merge() function in merge.js, which allows constructor.prototype to be written even though doing so throws an error. In the "extreme edge-case" that the resulting error is caught, code injected into the user-supplied search parameter may be exeucted. This is related to but distinct from the issue reported in [CVE-2021-23433](https://security.snyk.io/vuln/SNYK-JS-ALGOLIASEARCHHELPER-1570421). **NOTE:** This vulnerability is not exploitable in the default configuration of InstantSearch since searchParameters are not modifiable by users.