Impact
A vulnerability has been discovered in the Grails data-binding logic which allows for Remote Code Execution in a Grails application. This exploit requires the application to be running on Java 8, either deployed as a WAR to a servlet container, …
[undici] undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect
Impact
Authorization headers are already cleared on cross-origin redirect in
https://github.com/nodejs/undici/blob/main/lib/handler/redirect.js#L189, based on https://github.com/nodejs/undici/issues/872.
However, cookie headers which are sensitive head…
[undici] undici before v5.8.0 vulnerable to CRLF injection in request headers
Impact
It is possible to inject CRLF sequences into request headers in Undici.
const undici = require('undici')
// header value carrying a CRLF sequence reaches the request unsanitised in affected versions
const response = undici.request("http://127.0.0.1:1000", {
headers: {'a': "\r\nb"}
})
The same applies to path and method.
Patches
Update…
[wasmtime] Wasmtime vulnerable to Use After Free with `externref`s
There is a bug in Wasmtime’s code generator, Cranelift, where functions using reference types may be incorrectly missing metadata required for runtime garbage collection (GC). This means that if a GC happens at runtime then the collector will mistakenl…
[net.bull.javamelody:javamelody-core] Java Melody vulnerable to cross-site scripting
JavaMelody is a monitoring tool for JavaEE applications. Versions prior to 1.61.0 are vulnerable to a cross-site scripting (XSS) attack. This issue was patched in version 1.61.0, and users are recommended to upgrade to the latest version. There are no …
[slack-morphism] Slack Morphism for Rust before 0.41.0 can accidentally leak Slack OAuth client information in application debug logs
Impact
Potential/accidental leaking of Slack OAuth client information in application debug logs.
Patches
More strict and secure debug formatting was introduced in v0.41 for OAuth secret types to avoid the possibility of printing sensitive information i…
[xalan:xalan] Apache Xalan Java XSLT library integer truncation issue when processing malicious XSLT stylesheets
The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. The A…
[properties-reader] Properties-Reader before v2.2.0 vulnerable to prototype pollution
Properties-Reader prior to version 2.2.0 is vulnerable to prototype pollution. Version 2.2.0 contains a patch for this issue.
References
https://github.com/steveukx/properties/issues/40
https://github.com/steveukx/properties/commit/0877cc871db9865f58d…
[markdown-it-decorate] markdown-it-decorate vulnerable to cross-site scripting (XSS)
markdown-it-decorate adds attributes, IDs and classes to Markdown; the most recent version, 1.2.2, was published in 2017. All versions are currently vulnerable to cross-site scripting (XSS), and there is no fixed version at this time.
References
https…
[pyspark] Apache Spark UI code path in HttpSecurityFilter can allow impersonation if ACLs enabled
The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code pa…