Impact
Ill-formed headers sent to Envoy in certain configurations can lead to unexpected memory access resulting in undefined behavior or crashing.
You are at most risk if you have an Istio ingress Gateway exposed to external traffic.
Patches
1.12.8, 1…
[django-jsonform] Cross Site Scripting vulnerability in django-jsonform’s admin form.
Description
django-jsonform stores the raw JSON data of the db field in a hidden textarea on the admin page. However, that data was kept in the textarea after unescaping it using the safe template filter. This opens up possibilities for XSS attacks.
Th…
[org.apache.dubbo:dubbo] Server-side request forgery in Apache Dubbo
bypass CVE-2021-25640 > In Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of parseURL method will lead to the bypass of the white host check which can cause open redirect or SSRF vulnerability.
References
https://nvd.nist.gov/vuln/detail/CVE-20…
[kityminder] Server-Side Request Forgery in kityminder
Kity Minder v1.3.5 was discovered to contain a Server-Side Request Forgery (SSRF) via the init function at ImageCapture.class.php.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-31830
https://github.com/fex-team/kityminder/issues/345
https://git…
[facturascripts/facturascripts] Cross-site Scripting in FacturaScripts
Cross-site Scripting (XSS) – Reflected in GitHub repository neorazorx/facturascripts. A patch is available on the master branch of the repository in commit 7b4ddb92.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-2016
https://github.com/neorazor…
[francoisjacquet/rosariosis] Cross site scripting in francoisjacquet/rosariosis
A Cross-site Scripting (XSS) vulnerability exists in GitHub repository francoisjacquet/rosariosis prior to 9.1. HTML entities are not properly decoded from the URL.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-2036
https://github.com/franco…
[semantic-release] Exposure of Sensitive Information to an Unauthorized Actor in semantic-release
Impact
What kind of vulnerability is it? Who is impacted?
Secrets that would normally be masked by semantic-release can be accidentally disclosed if they contain characters that are excluded from uri encoding by encodeURI. Occurrence is further limited…
[cookiecutter] OS Command Injection in cookiecutter
The package cookiecutter before 2.1.1 is vulnerable to Command Injection via hg argument injection. When calling the cookiecutter function from Python code with the checkout parameter, it is passed to the hg checkout command in a way that additional fl…
[mechanize] Authorization header leak on port redirect in mechanize
Summary
Mechanize (rubygem) < v2.8.5 leaks the Authorization header after a redirect to a different port on the same site.
Mitigation
Upgrade to Mechanize v2.8.5 or later.
Notes
See https://curl.se/docs/CVE-2022-27776.html for a similar vulnerabilit…
[guzzlehttp/guzzle] Failure to strip the Cookie header on change in host or HTTP downgrade
Impact
Cookie headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, or on making a request to a server which responds with a redirect to a U…