Underground News

Author

GitHub

925 Posts

Featured

Posted by GitHub
[github.com/sigstore/cosign] cosign's `cosign verify-attestation --type` can report a false positive if any attestation exists
Posted by GitHub
[github.com/sigstore/policy-controller] PolicyController before 0.2.1 may bypass attestation verification
Posted by GitHub
[nbconvert] nbconvert vulnerable to cross-site scripting (XSS) via multiple exploit paths
Posted by GitHub
[owning_ref] owning_ref vulnerable to multiple soundness issues

[org.grails:grails-databinding] Grails framework Remote Code Execution via Data Binding

  • Posted in Uncategorized
  • Posted by GitHub
  • 07/22/2022 07/30/2022

Impact
A vulnerability has been discovered in the Grails data-binding logic which allows for Remote Code Execution in a Grails application. This exploit requires the application to be running on Java 8, either deployed as a WAR to a servlet container, …

[undici] undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect

  • Posted in Uncategorized
  • Posted by GitHub
  • 07/22/2022 07/23/2022

Impact
Authorization headers are already cleared on cross-origin redirect in
https://github.com/nodejs/undici/blob/main/lib/handler/redirect.js#L189, based on https://github.com/nodejs/undici/issues/872.
However, cookie headers which are sensitive head…

[undici] undici before v5.8.0 vulnerable to CRLF injection in request headers

  • Posted in Uncategorized
  • Posted by GitHub
  • 07/22/2022

Impact
It is possible to inject CRLF sequences into request headers in Undici.
const undici = require('undici')

const response = undici.request("http://127.0.0.1:1000", {
  headers: {'a': "\r\nb"}
})

The same applies to path and method.
Patches
Update…

[wasmtime] Wasmtime vulnerable to Use After Free with `externref`s

  • Posted in severity
  • Posted by GitHub
  • 07/21/2022 08/05/2022

There is a bug in Wasmtime’s code generator, Cranelift, where functions using reference types may be incorrectly missing metadata required for runtime garbage collection (GC). This means that if a GC happens at runtime then the collector will mistakenl…

[net.bull.javamelody:javamelody-core] Java Melody vulnerable to cross-site scripting

  • Posted in Uncategorized
  • Posted by GitHub
  • 07/20/2022 07/20/2022

JavaMelody is a monitoring tool for JavaEE applications. Versions prior to 1.61.0 are vulnerable to a cross-site scripting (XSS) attack. This issue was patched in version 1.61.0, and users are recommended to upgrade to the latest version. There are no …

[slack-morphism] Slack Morphism for Rust before 0.41.0 can accidentally leak Slack OAuth client information in application debug logs

  • Posted in Uncategorized
  • Posted by GitHub
  • 07/20/2022 07/26/2022

Impact
Potential/accidental leaking of Slack OAuth client information in application debug logs.
Patches
More strict and secure debug formatting was introduced in v0.41 for OAuth secret types to avoid the possibility of printing sensitive information i…

[xalan:xalan] Apache Xalan Java XSLT library integer truncation issue when processing malicious XSLT stylesheets

  • Posted in Uncategorized
  • Posted by GitHub
  • 07/20/2022 07/29/2022

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. The A…

[properties-reader] Properties-Reader before v2.2.0 vulnerable to prototype pollution

  • Posted in Uncategorized
  • Posted by GitHub
  • 07/19/2022 07/27/2022

Properties-Reader prior to version 2.2.0 is vulnerable to prototype pollution. Version 2.2.0 contains a patch for this issue.
References

https://github.com/steveukx/properties/issues/40
https://github.com/steveukx/properties/commit/0877cc871db9865f58d…

[markdown-it-decorate] markdown-it-decorate vulnerable to cross-site scripting (XSS)

  • Posted in Uncategorized
  • Posted by GitHub
  • 07/19/2022 07/30/2022

markdown-it-decorate adds attributes, IDs and classes to Markdown, and the most recent version 1.2.2 was published in 2017. All versions are currently vulnerable to cross-site scripting (XSS) and there is no fixed version at this time.
References

https…

[pyspark] Apache Spark UI code path in HttpSecurityFilter can allow impersonation if ACLs enabled

  • Posted in HIGH
  • Posted by GitHub
  • 07/19/2022 08/11/2022

The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code pa…
