Impact
The malicious user is able to delete and upload arbitrary file(s). All installations on Windows with repository upload enabled (default) are affected.
Patches
Path cleaning now accounts for Windows path semantics. Users should upgrade to 0.12.9 or the late…
[laravel/laravel] Unserialized Pop Chain in Laravel
Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution (RCE) via an unserialized pop chain in __destruct in Illuminate\Broadcasting\PendingBroadcast.php and __call in Faker\Generator.php.
References
h…
[noumo/easyii] Cross-Site Request Forgery in easyii CMS
A vulnerability was found in easyii CMS. It has been classified as problematic. Affected is an unknown function of the file /admin/sign/out. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit…
[pocketmine/pocketmine-mp] Improperly checked IDs on itemstacks received from the client leading to server crash in PocketMine-MP
Impact
Due to a workaround for unmapped network items implemented in 4.0.0-BETA5 (8ac16345a3bc099b62c1f5cfbf3b736e621c3f76), arbitrary item IDs can be written into an item's NBT. The intended purpose of this is to make said unmapped network ite…
[org.elasticsearch:elasticsearch] Improper Check for Unusual or Exceptional Conditions in Elasticsearch
A Denial of Service flaw was discovered in Elasticsearch 8.0.0 through 8.2.0. Using this vulnerability, an unauthenticated attacker could forcibly shut down an Elasticsearch node with a specifically formatted network request. Version 8.2.1 contains a p…
[jmespath] JMESPath for Ruby uses unsafe JSON.load when safe JSON.parse is preferable
jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-32511
https://github.com/jmespath/jmespath.rb/pull/55
https://github.com/jmespath/jmesp…
[github.com/containerd/containerd] containerd CRI plugin: Host memory exhaustion through ExecSync
Impact
A bug was found in containerd’s CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the ExecSync API. This can cause containerd to consume all available memor…
[github.com/cri-o/cri-o] Node DOS by way of memory exhaustion through ExecSync request in CRI-O
Description
An ExecSync request runs a command in a container and returns the output to the Kubelet. It is used for readiness and liveness probes within a pod. The way CRI-O runs ExecSync commands is through conmon. CRI-O asks conmon to start the proce…
[silverstripe/silverstripe-omnipay] Failed payment recorded as completed in Silverstripe Omnipay
Impact
For a subset of Omnipay gateways (those that use intermediary states like isNotification() or isRedirect()), if the payment identifier or success URL is exposed it is possible for payments to be prematurely marked as completed without payment be…
[django-s3file] Path Traversal in django-s3file
Impact
It was possible to traverse the entire AWS S3 bucket and in most cases to access or delete files.
The issue was discovered by the maintainer. There were no reports of the vulnerability being known to or exploited by a third party, before the rel…