Security
Headlines
HeadlinesLatestCVEs

Tag

#vulnerability

GHSA-24cf-848g-762c: ShopXO Vulnerable to Server-Side Request Forgery (SSRF) and Cross-Site Scripting (XSS)

shopxo v6.4.0 has a ssrf/xss vulnerability in multiple places.

ghsa
Open in Source
#xss#vulnerability#ssrf#auth
GHSA-p736-g6pg-hjhw: ShopXO Vulnerable to Server-Side Request Forgery (SSRF) via Image Upload

ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) via image upload function.

GHSA-gfhv-5rqh-7qx3: ShopXO Vulnerable to Server-Side Request Forgery (SSRF) via Email Settings

ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) in Email Settings.

GHSA-p799-q2pr-6mxj: go.rgst.io/stencil/v2 vulnerable to Path Traversal

### Impact The library used to extract archives (github.com/jaredallard/archives) was vulnerable to the "zip slip" vulnerability. This is used to extract native extension archives and repository source archives. A native extension or repository archive could be crafted in such a way where a remote code execution or modification/reading of a file is possible using the user who is running stencil. The severity is marked as "medium" because native extensions have always considered to be "unsafe" to run when not trusted. Native extensions are arbitrary code being ran, which could always do this same exploit with less steps. The medium severity is to reflect that this could be done even when a user is _not_ using a native extension, for example a repository source archive. However, one would need to mutate the archives provided by Github or perform some hackery with links, which may not be possible. Thus, "medium" is used out of an abundance of caution where I would've labeled this as "lo...

GHSA-j8x2-777p-23fc: tough cyclic delegation graphs are not detected

## Summary In a TUF repository, the targets role’s signature indicates which target files are trusted by clients. The role can delegate full or partial trust to other roles, meaning that that role is trusted to sign target file metadata. Delegated roles can further delegate trust to other delegated roles. When searching for metadata about a given target, tough failed to detect cyclical role delegations. ## Impact When interacting with TUF repositories which contain cyclical role delegations, tough will fail to detect the cycles and will exhaust its stack while recursively searching the delegation graph. The exhausted call stack will cause the process to abort. Impacted versions: < v0.20.0 ## Patches A fix for this issue is available in tough version 0.20.0 and later. Customers are advised to upgrade to version 0.20.0 or later and ensure any forked or derivative code is patched to incorporate the new fixes. ## Workarounds There is no recommended work around. Customers are advise...

GHSA-v4wr-j3w6-mxqc: tough terminating targets role delegations are not respected

## Summary Delegations are a mechanism defined by the TUF specification that allow multiple different identities to provide and sign content within a single repository. Terminating delegations and delegation priority give a TUF repository unambiguous control over how overlapping delegations are resolved. tough erroneously will not terminate a search as required, and will accept information from a lower-priority delegation that should have been ignored. ## Impact When interacting with TUF repositories that use delegations, the tough client could fetch targets owned by the incorrect role. An actor which had delegated ownership of a subset of a TUF repository could provide arbitrary contents to tough clients for targets owned by the delegating identity. Impacted versions: < v0.20.0 ## Patches A fix for this issue is available in tough version 0.20.0 and later. Customers are advised to upgrade to version 0.20.0 or later and ensure any forked or derivative code is patched to incorpora...

GHSA-5vmp-m5v2-hx47: tough root metadata version is not checked for sequential versioning

## Summary When updating the root role, a TUF client must establish a trusted line of continuity to the latest set of keys. While sequentially downloading new versions of the root metadata file, tough will not check that the root object version it received was the next sequential version from the previously trusted root metadata. ## Impact The tough client will trust an outdated or rotated root role in the event that an actor with control of the storage medium of a trusted TUF repository inappropriately replaced the contents of one of the root metadata files with an adequately signed previous version. As a result, tough could trust content associated with a previous root role. Impacted versions: < v0.20.0 ## Patches A fix for this issue is available in tough version 0.20.0 and later. Customers are advised to upgrade to version 0.20.0 or later and ensure any forked or derivative code is patched to incorporate the new fixes. ## Workarounds There is no recommended work around. Cus...

GHSA-9rhg-254w-fh9x: Redoc Prototype Pollution via `Module.mergeObjects` Component

A prototype pollution in the component Module.mergeObjects (redoc/bundles/redoc.lib.js:2) of redoc <= 2.2.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.

GHSA-jf6p-4hgv-v6qh: Duplicate Advisory: Leantime affected by Improper Neutralization of HTML Tags

### Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-95j3-435g-vjcp. This link is maintained to preserve external references. ### Original Description Cross Site Scripting vulnerability in Leantime v3.2.1 and before allows an authenticated attacker to execute arbitrary code and obtain sensitive information via the first name field in processMentions().

GHSA-2q39-w2hw-2pjm: Infinispan Potential Out of Memory Error via REST Compare API Buffer API

A vulnerability was found in the Infinispan component in Red Hat Data Grid. The REST compare API may have a buffer leak and an out of memory error can occur when sending continual requests with large POST data to the REST API.