Tag
#vulnerability
## Overview On many platforms, a third party can create a Git repository under a name that includes a shell command substitution [^1] string in the syntax `$(<command>)`. These directory names are allowed in macOS and a majority of Linux distributions [^2]. If a user starts `jupyter-lab` in a parent directory of this inappropriately-named Git repository, opens it, and clicks "Git > Open Git Repository in Terminal" from the menu bar, then the injected command `<command>` is run in the user's shell without the user's permission. This issue is occurring because when that menu entry is clicked, `jupyterlab-git` opens the terminal and runs `cd <git-repo-path>` through the shell to set the current directory [^3]. Doing so runs any command substitution strings present in the directory name, which leads to the command injection issue described here. A previous patch provided an incomplete fix [^4]. [^1]: https://www.gnu.org/software/bash/manual/html_node/Command-Substitution.html [^2]: http...
Versions of the package expand-object from 0.0.0 to 0.4.2 are vulnerable to Prototype Pollution in the expand() function in index.js. This function expands the given string into an object and allows a nested property to be set without checking the provided keys for sensitive properties like __proto__.
Versions of the package spatie/browsershot from 0.0.0 to 5.0.3 are vulnerable to Server-side Request Forgery (SSRF) in the setUrl() function due to a missing restriction on user input, enabling attackers to access localhost and list all of its directories.
All versions of the package react-draft-wysiwyg are vulnerable to Cross-site Scripting (XSS) via the Embedded button which will then result in saving the payload in the <iframe> tag.
Versions of the package bigint-buffer from 0.0.0 to 1.1.5 are vulnerable to Buffer Overflow in the toBigIntLE() function. Attackers can exploit this to crash the application.
Ivanti has disclosed details of a now-patched critical security vulnerability impacting its Connect Secure that has come under active exploitation in the wild. The vulnerability, tracked as CVE-2025-22457 (CVSS score: 9.0), concerns a case of a stack-based buffer overflow that could be exploited to execute arbitrary code on affected systems. "A stack-based buffer overflow in Ivanti Connect
A maximum severity security vulnerability has been disclosed in Apache Parquet's Java Library that, if successfully exploited, could allow a remote attacker to execute arbitrary code on susceptible instances. Apache Parquet is a free and open-source columnar data file format that's designed for efficient data processing and retrieval, providing support for complex data, high-performance
Hazel highlights the key findings within Cisco Talos’ 2024 Year in Review (now available for download) and details our active tracking of an ongoing campaign targeting users in Ukraine with malicious LNK files.
**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**
**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**