Impact
SignatureChecker.isValidSignatureNow is not expected to revert. However, an incorrect assumption about Solidity 0.8’s abi.decode allows some cases to revert, given a target contract that doesn’t implement EIP-1271 as expected.
The contracts that…
[wasmtime] Wasmtime vulnerable to Use After Free with `externref`s
There is a bug in Wasmtime’s code generator, Cranelift, where functions using reference types may be incorrectly missing metadata required for runtime garbage collection (GC). This means that if a GC happens at runtime then the collector will mistakenl…
[skywalking-backend-js] Apache SkyWalking NodeJS Agent can lose availability if header includes illegal SkyWalking header
A vulnerability exists in Apache SkyWalking NodeJS Agent prior to 0.5.1. The vulnerability will cause NodeJS services that have this agent installed to be unavailable if the OAP is unhealthy and the NodeJS agent can’t establish the connection.
References
https://…
[@strapi/strapi] Strapi 4.1.12 Cross-site Scripting via crafted file
An unrestricted file upload vulnerability in the Add New Assets function of Strapi v4.1.12 allows attackers to execute arbitrary code via a crafted file. After an authenticated attacker uploads a file containing a malicious URL, a victim copies and pas…
[rpc.py] rpc.py 0.6.0 vulnerable to Deserialization of Untrusted Data
rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the “serializer: pickle” HTTP header is sent. In other words, although JSON (not Pickle) is the default data format, an unauthenticated client can cause the data to be pr…
[chrono] Potential segfault in `localtime_r` invocations
Impact
Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user’s know…
[Microsoft.AspNetCore.Owin] Cookie parsing failure
A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names. The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being …
[pyarrow] Missing Initialization of Resource in Apache Arrow
While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered that Apache Arrow versions 0.12.0 to 0.14.1 left memory Array data uninitialized when reading RLE null data from Parquet. This affected the C++, Python, Ruby an…
[github.com/containous/traefik/v2] Traefik vulnerable to Open Redirect via handling of X-Forwarded-Prefix header
Summary
There exists a potential open redirect vulnerability in Traefik’s handling of the X-Forwarded-Prefix header. Active exploitation of this issue is unlikely, as it would require active header injection; however, the Traefik team addressed this issu…
[org.pac4j:pac4j-core] Pac4j token validation bypass if OpenID Connect provider supports none algorithm
If an OpenID Connect provider supports the “none” algorithm (i.e., tokens with no signature), pac4j v5.3.0 (and prior) does not refuse it without an explicit configuration on its side or for the “idtoken” response type which is not secure and violates …