Impact
An attacker can pass crafted input to the e-mail sign-in endpoint that contains malicious HTML, tricking the e-mail server into sending it to the user so that the attacker can perform a phishing attack. E.g.: balazs@email.com, <a href="http://attacke…
[github.com/ipld/go-car] Malformed CAR panics and excessive memory usage
Impact
Versions impacted
<= go-car@v0.3.3
<= go-car@v2.3.0
Description
Decoding CAR data from untrusted user input can cause:
- Panics:
  - Out-of-bounds memory access
  - Out of memory
  - Divide by zero
- Excessive memory usage
Such panics can be triggere…
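CAR frames its header and every block as a varint length prefix followed by that many bytes, so a hostile length is the natural way to drive a decoder into a huge allocation or a read past the end of the input. The following is an added example, not go-car's own code: a minimal reader for that framing that validates the declared length against a hard cap and against the bytes actually remaining before it allocates anything, and a decode wrapper that turns any residual panic into an error. The 1 MiB cap and the sample payloads are assumptions chosen for the illustration.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// maxSectionSize caps how much memory one declared section may claim.
// Assumption: 1 MiB is an arbitrary ceiling for this example.
const maxSectionSize = 1 << 20

var (
	ErrSectionTooLarge = errors.New("section length exceeds limit")
	ErrTruncated       = errors.New("declared section length exceeds remaining input")
	ErrEmptySection    = errors.New("zero-length section")
)

// varint encodes n as an unsigned LEB128 varint, the CAR length-prefix format.
func varint(n uint64) []byte {
	var b [binary.MaxVarintLen64]byte
	k := binary.PutUvarint(b[:], n)
	return b[:k]
}

// frame builds one section: varint length followed by the payload bytes.
func frame(payload []byte) []byte {
	return append(varint(uint64(len(payload))), payload...)
}

// readSection reads one length-prefixed section from r. Both checks happen
// before make(), so a hostile length can neither allocate gigabytes nor read
// past the end of the buffer.
func readSection(r *bytes.Reader) ([]byte, error) {
	n, err := binary.ReadUvarint(r)
	if err != nil {
		return nil, fmt.Errorf("reading section length: %w", err)
	}
	if n == 0 {
		return nil, ErrEmptySection
	}
	if n > maxSectionSize {
		return nil, fmt.Errorf("%w: %d bytes", ErrSectionTooLarge, n)
	}
	if n > uint64(r.Len()) {
		return nil, fmt.Errorf("%w: declared %d, remaining %d", ErrTruncated, n, r.Len())
	}
	buf := make([]byte, n)
	if _, err := io.ReadFull(r, buf); err != nil {
		return nil, err
	}
	return buf, nil
}

// decodeAll splits a whole CAR-like payload into sections. Any panic raised
// while decoding is converted into an error so malformed input cannot take
// the process down.
func decodeAll(data []byte) (sections [][]byte, err error) {
	defer func() {
		if rec := recover(); rec != nil {
			sections = nil
			err = fmt.Errorf("panic while decoding: %v", rec)
		}
	}()
	r := bytes.NewReader(data)
	for r.Len() > 0 {
		s, rerr := readSection(r)
		if rerr != nil {
			return nil, rerr
		}
		sections = append(sections, s)
	}
	return sections, nil
}

func main() {
	// Constructed inputs: a well-formed two-section payload and two hostile ones.
	good := append(frame([]byte("header")), frame([]byte("block-1"))...)
	huge := append(varint(1<<40), 'a', 'b', 'c')       // claims 1 TiB, carries 3 bytes
	short := append(varint(100), []byte("short")...)   // claims 100 bytes, carries 5

	for _, in := range [][]byte{good, huge, short} {
		secs, err := decodeAll(in)
		fmt.Printf("sections=%d err=%v\n", len(secs), err)
	}
}
```

The order of the checks matters: the cap is compared before the remaining-length check so that a length near 2^64 is rejected as "too large" rather than overflowing any arithmetic that might follow, and nothing is allocated until both have passed.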
[openssh-key-parser] Possible leak of key’s raw field if declared length is incorrect
Impact
If a field of a key is shorter than it is declared to be, the parser raises an error with a message containing the raw field value. An attacker able to modify the declared length of a key’s sensitive field can thus expose the raw value of that f…
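OpenSSH private keys encode each field as an RFC 4251 "string": a 4-byte big-endian length followed by that many bytes. The following is an added example written for this page, not openssh-key-parser's own code, showing the bug class in Go: a parser whose length-mismatch error embeds the raw bytes beside a hardened one that reports only the two lengths. The key material and tampering are constructed for the demonstration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// sshString encodes v as an RFC 4251 string: uint32 big-endian length + bytes.
func sshString(v []byte) []byte {
	out := make([]byte, 4+len(v))
	binary.BigEndian.PutUint32(out, uint32(len(v)))
	copy(out[4:], v)
	return out
}

// readField parses one string field from buf and returns the value and the
// unconsumed remainder. When leaky is true it reproduces the advisory's bug:
// the error for a short field quotes the raw bytes that were present.
func readField(buf []byte, leaky bool) (value, rest []byte, err error) {
	if len(buf) < 4 {
		return nil, nil, errors.New("truncated length prefix")
	}
	n := binary.BigEndian.Uint32(buf)
	body := buf[4:]
	if uint64(n) > uint64(len(body)) {
		if leaky {
			// BUG: a sensitive field's raw content ends up in the error message.
			return nil, nil, fmt.Errorf("declared %d bytes but found %d: %q", n, len(body), body)
		}
		// Hardened: report the mismatch without echoing the field.
		return nil, nil, fmt.Errorf("declared %d bytes but only %d remain", n, len(body))
	}
	return body[:n], body[n:], nil
}

// parseFields walks a blob of consecutive string fields.
func parseFields(blob []byte, leaky bool) ([][]byte, error) {
	var fields [][]byte
	for len(blob) > 0 {
		v, rest, err := readField(blob, leaky)
		if err != nil {
			return nil, fmt.Errorf("field %d: %w", len(fields), err)
		}
		fields = append(fields, v)
		blob = rest
	}
	return fields, nil
}

// tamperedBlob builds a constructed two-field blob (key type, then a secret
// field) and overwrites the secret field's declared length with a value that
// is larger than the bytes actually present.
func tamperedBlob(keyType, secret []byte) []byte {
	blob := append(sshString(keyType), sshString(secret)...)
	binary.BigEndian.PutUint32(blob[4+len(keyType):], 0xFFFF)
	return blob
}

func main() {
	blob := tamperedBlob([]byte("ssh-ed25519"), []byte("supersecret"))
	_, leakyErr := parseFields(blob, true)
	_, safeErr := parseFields(blob, false)
	fmt.Println("leaky:   ", leakyErr)
	fmt.Println("hardened:", safeErr)
}
```

The fix is only in what the error carries; both variants reject the field. The same rule applies to logs and panics: once a parser has read bytes it cannot classify, treat them as potentially secret and never copy them into a diagnostic.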
[moment] Inefficient Regular Expression Complexity in moment
Impact
Using string-to-date parsing in moment (more specifically RFC 2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs.
A noticeable slowdown is observed with inputs above 10k characters.
Users who pass user-provide…
[lxml] NULL Pointer Dereference in lxml
A NULL pointer dereference allows attackers to cause a denial of service (application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14; libxml2 2.9.9 and earlier are not affected. It allows triggering crashes thr…
[github.com/heroiclabs/nakama] Insufficient Session Expiration in Nakama
Old session tokens can be used to authenticate to the application and send authenticated requests.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-2306
https://github.com/heroiclabs/nakama/commit/ce8d3921e2acd44ef8b5e6edfe595b6df067b166
https://h…
[github.com/beego/beego] Path Traversal in Beego
The leafInfo.match() function in Beego v2.0.3 and below uses path.Join() to handle wildcard values, which can lead to path traversal across directories.
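path.Join cleans the result, so a ".." inside a captured wildcard is resolved rather than rejected and the joined path can land outside the directory the route was meant to serve. The following is an added example, not Beego's code: a naive join that mirrors the bug class beside a checked version that refuses any result not under the base directory. Base directory and wildcard values are constructed for the demonstration.

```go
package main

import (
	"errors"
	"fmt"
	"path"
	"strings"
)

var ErrTraversal = errors.New("wildcard value escapes its base directory")

// resolveNaive joins the captured wildcard onto the base the way the
// vulnerable pattern does. path.Join collapses ".." segments, so a value such
// as "../../../etc/passwd" walks straight out of the intended tree.
func resolveNaive(base, wildcard string) string {
	return path.Join(base, wildcard)
}

// resolveChecked performs the same join but only accepts a result that is the
// base itself or lies strictly beneath it. The prefix check includes the
// trailing "/" so that "/srv/static" cannot be satisfied by "/srv/static2".
func resolveChecked(base, wildcard string) (string, error) {
	cleanBase := path.Clean("/" + base)
	joined := path.Join(cleanBase, wildcard)
	if joined != cleanBase && !strings.HasPrefix(joined, cleanBase+"/") {
		return "", ErrTraversal
	}
	return joined, nil
}

func main() {
	base := "/var/www/static"
	// Constructed wildcard values as a router would capture them after URL decoding.
	for _, w := range []string{"css/app.css", "css/../app.css", "../../../etc/passwd", "../static2/x"} {
		checked, err := resolveChecked(base, w)
		fmt.Printf("%-22q naive=%-28s checked=%s err=%v\n", w, resolveNaive(base, w), checked, err)
	}
}
```

The check must run on the decoded wildcard; a "%2e%2e" that is decoded only after the check is the classic way such a guard is bypassed. Because path.Join works on forward-slash paths, a server that maps the result onto the local filesystem on Windows also needs the equivalent filepath-based check.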
References
https://nvd.nist.gov/vuln/detail/CVE-2022-31836
https://github.com/beego/beego/issues/4961
https://…
[github.com/heroiclabs/nakama/v3] Improper Restriction of Excessive Authentication Attempts
Nakama Console does not enforce any limit for the number of unsuccessful login attempts.
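Without a limit on unsuccessful attempts, a console login form can be brute-forced at network speed. The following is an added example, not Nakama's code: a per-account failure counter with a sliding window and a temporary lockout, wired into a login routine that counts a failure for unknown accounts and wrong passwords alike. The threshold, window, lockout period, user table and clock are all assumptions made for the demonstration; a real deployment verifies a password hash rather than the plaintext used here.

```go
package main

import (
	"crypto/subtle"
	"errors"
	"fmt"
	"sync"
	"time"
)

var (
	ErrBadCredentials = errors.New("invalid account or password")
	ErrLockedOut      = errors.New("too many failed attempts; try again later")
)

type entry struct {
	failures    []time.Time // timestamps of recent failures within the window
	lockedUntil time.Time
}

// Limiter locks an account once max failures occur within window.
type Limiter struct {
	mu      sync.Mutex
	max     int
	window  time.Duration
	lockout time.Duration
	now     func() time.Time // injectable clock so the policy can be tested
	entries map[string]*entry
}

func NewLimiter(max int, window, lockout time.Duration, now func() time.Time) *Limiter {
	return &Limiter{max: max, window: window, lockout: lockout, now: now, entries: map[string]*entry{}}
}

// Allow reports whether an attempt for account may proceed right now.
func (l *Limiter) Allow(account string) error {
	l.mu.Lock()
	defer l.mu.Unlock()
	if e := l.entries[account]; e != nil && l.now().Before(e.lockedUntil) {
		return ErrLockedOut
	}
	return nil
}

// RecordFailure adds a failure, drops failures older than the window, and
// starts a lockout once the threshold is reached.
func (l *Limiter) RecordFailure(account string) {
	l.mu.Lock()
	defer l.mu.Unlock()
	t := l.now()
	e := l.entries[account]
	if e == nil {
		e = &entry{}
		l.entries[account] = e
	}
	kept := e.failures[:0]
	for _, f := range e.failures {
		if t.Sub(f) < l.window {
			kept = append(kept, f)
		}
	}
	e.failures = append(kept, t)
	if len(e.failures) >= l.max {
		e.lockedUntil = t.Add(l.lockout)
		e.failures = nil
	}
}

// RecordSuccess clears the account's state after a successful login.
func (l *Limiter) RecordSuccess(account string) {
	l.mu.Lock()
	defer l.mu.Unlock()
	delete(l.entries, account)
}

// Console is a stand-in for a login service. users is a constructed demo
// store mapping account to plaintext password (assumption for the example).
type Console struct {
	limiter *Limiter
	users   map[string][]byte
}

// Login checks the limiter first, so a locked account is refused even with
// the right password, then verifies credentials in constant time.
func (c *Console) Login(account, password string) error {
	if err := c.limiter.Allow(account); err != nil {
		return err
	}
	stored, ok := c.users[account]
	if !ok || subtle.ConstantTimeCompare(stored, []byte(password)) != 1 {
		c.limiter.RecordFailure(account)
		return ErrBadCredentials
	}
	c.limiter.RecordSuccess(account)
	return nil
}

func main() {
	lim := NewLimiter(5, 15*time.Minute, 10*time.Minute, time.Now)
	svc := &Console{limiter: lim, users: map[string][]byte{"admin": []byte("correct horse")}}
	for i := 0; i < 6; i++ {
		fmt.Println("wrong password:", svc.Login("admin", "guess"))
	}
	fmt.Println("right password while locked:", svc.Login("admin", "correct horse"))
}
```

Keying the limiter by account rather than by source IP is what stops a distributed guess against one administrator login; a per-IP limiter alongside it protects against one source spraying many accounts.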
References
https://nvd.nist.gov/vuln/detail/CVE-2022-2321
https://github.com/heroiclabs/nakama/commit/e2e02fce80ff33ce45f8a6ebc0b7a99ee0b03824
https://huntr.dev/b…
[jquery-validation] Regular Expression Denial of Service in jquery-validation
Summary
Incomplete fix of CVE-2021-43306: An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method.
References
https://gith…
[pycares] Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) in pycares
Impact
pycares versions < 4.2.0 are affected by CVE-2021-3672.
Patches
Update to version 4.2.0.
References
https://github.com/saghul/pycares/security/advisories/GHSA-c58j-88f5-h53f
https://github.com/advisories/GHSA-c58j-88f5-h53f