Security
Headlines
HeadlinesLatestCVEs

Tag

#web

GHSA-64gp-r758-8pfm: Cross Site Scripting (XSS) vulnerability while uploading content to a new deployment

A vulnerability was found in the WildFly management console. A user may perform cross-site scripting in the deployment system. An attacker (or insider) may execute a malicious payload which could trigger an undesired behavior against the server. ### Impact Cross-site scripting (XSS) vulnerability in the management console. ### Patches Fixed in [HAL 3.7.7.Final](https://github.com/hal/console/releases/tag/v3.7.7) ### Workarounds No workaround available ### References See also: https://issues.redhat.com/browse/WFLY-19969

ghsa
Open in Source
#xss#vulnerability#web#git#auth
GHSA-f7qj-v3vp-4856: libafl has unsound usages of `core::slice::from_raw_parts_mut`

The library breaks the safety assumptions when using unsafe API `slice::from_raw_parts_mut`. The pointer passed to `from_raw_parts_mut` is misaligned by casting `u8` to `u16` raw pointer directly, which is unsound. The bug is patched by using `align_offset`, which could make sure the memory address is aligned to 2 bytes for `u16`. This was patched in 0.11.2 in the [commit](https://github.com/AFLplusplus/LibAFL/pull/1530/commits/5a60cb31ef587d71d09d534bba39bd3973c4b35d).

GHSA-77pm-w3hx-f8mj: Apache Hive and Spark: CookieSigner exposes the correct signature when message verification fails

Signing cookies is an application security feature that adds a digital signature to cookie data to verify its authenticity and integrity. The signature helps prevent malicious actors from modifying the cookie value, which can lead to security vulnerabilities and exploitation. Apache Hive’s service component accidentally exposes the signed cookie to the end user when there is a mismatch in signature between the current and expected cookie. Exposing the correct cookie signature can lead to further exploitation. The vulnerable CookieSigner logic was introduced in Apache Hive by HIVE-9710 (1.2.0) and in Apache Spark by SPARK-14987 (2.0.0). The affected components are the following: * org.apache.hive:hive-service * org.apache.spark:spark-hive-thriftserver_2.11 * org.apache.spark:spark-hive-thriftserver_2.12

GHSA-gmj6-6f8f-6699: Jinja has a sandbox breakout through malicious filenames

A bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used. To exploit the vulnerability, an attacker needs to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates where the template author can also choose the template filename.

GHSA-r7j8-5h9c-f6fx: Remote Command Execution in file editing in gogs

### Impact The malicious user is able to commit and edit a crafted symlink file to a repository to gain SSH access to the server. ### Patches Editing symlink while changing the file name has been prohibited via the repository web editor (https://github.com/gogs/gogs/pull/7857). Users should upgrade to 0.13.1 or the latest 0.14.0+dev. ### Workarounds No viable workaround available, please only grant access to trusted users to your Gogs instance on affected versions. ### References n/a ### Proof of Concept 1. Create two repositories, upload something to the first repository, edit any file, and save it on the webpage. 2. In the second repository, create a symbolic link to the file you need to edit: ```bash $ ln -s /data/gogs/data/tmp/local-repo/1/.git/config test $ ls -la total 8 drwxr-xr-x   5 dd  staff  160 Oct 27 19:09 . drwxr-xr-x   4 dd  staff  128 Oct 27 19:06 .. drwxr-xr-x  12 dd  staff  384 Oct 27 19:09 .git -rw-r--r--   1 dd  staff   12 O...

ABB Cylon Aspect 3.08.02 (syslogUpdate.php) Remote Code Execution

The ABB BMS/BAS controller suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through POST parameters, including REMOTE, IP1, IP2, IP3, IP4, and NAME, called by the syslogUpdate.php script.

Middle East Cyberwar Rages On, With No End in Sight

Since October 2023, cyberattacks among countries in the Middle East have persisted, fueled by the conflict between Israel and Hamas, reeling in others on a global scale.

Supply Chain Attack Hits Rspack, Vant npm Packages with Monero Miner

Popular npm packages, Rspack and Vant, were recently compromised with malicious code. Learn about the attack, the impact, and how to protect your projects from similar threats.

Mystery Drone Sightings Lead to FAA Ban Despite No Detected Threats

Plus: Google’s U-turn on creepy “fingerprint” tracking, the LockBit ransomware gang’s teased comeback, and a potential US ban on the most popular routers in America.

GHSA-cmwp-442x-3rcv: Piranha CMS Cross-site Scripting vulnerability

A file upload functionality in Piranha CMS 11.1 allows authenticated remote attackers to upload a crafted PDF file to /manager/media. This PDF can contain malicious JavaScript code, which is executed when a victim user opens or interacts with the PDF in their web browser, leading to a XSS vulnerability.