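TV personalities peco and ryuchell each, on their own Instagram accounts on August 25, divorced…
Tomomi Kahara reveals legal action, saying "I have been hurt by the Yahoo! commenters": how are posters identified?
On August 30, singer Tomomi Kahara updated her Twitter account, and the Yahoo! News comment section (commonly called…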
[org.apache.geode:geode-core] Apache Geode versions deserialization of untrusted data when using JMX over RMI on Java 11
Apache Geode versions up to 1.12.2 and 1.13.2 are vulnerable to a deserialization of untrusted data flaw when using JMX over RMI on Java 11. Any user wishing to protect against deserialization attacks involving JMX or RMI should upgrade to Apache Geode…
[org.apache.geode:geode-core] Apache Geode versions prior to 1.15.0 are vulnerable to a deserialization of untrusted data
Apache Geode versions prior to 1.15.0 are vulnerable to a deserialization of untrusted data flaw when using REST API on Java 8 or Java 11. Any user wishing to protect against deserialization attacks involving REST APIs should upgrade to Apache Geode 1….
[io.quarkus:quarkus-core-parent] Quarkus does not terminate HTTP requests header context
Quarkus is a Cloud Native, (Linux) Container First framework for writing Java applications. It was found that Quarkus 2.10.x does not terminate HTTP requests header context which may lead to unpredictable behavior. This issue was fixed in version 2.10….
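Forum for consultation to be created to promote the use of data acquired and held by post offices
Saying it aims to promote the use of data acquired and held by post offices, the Ministry of Internal Affairs and Communications, organizations requesting the provision of data, and Japan Post Holdings and Japan…
"ANIM", a project that co-produces with NFT holders and explores a new way of making anime | DIAMOND SIGNAL
Aiming to change the old-fashioned way anime is produced, creators from the anime industry who worked on titles such as Pokémon, Neon Genesis Evangelion and PSYCHO-PASS have launched a project that bills itself as an "anime studio for the Web3 era". That project is "ANIM".…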
[nvflare] NVFLARE unsafe deserialization due to Pickle
Impact
NVFLARE contains a vulnerability where deserialization of Untrusted Data due to Pickle usage may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity.
All ver…
[mdx-mermaid] Improper Control of Generation of Code (‘Code Injection’) in mdx-mermaid
Impact
Arbitrary JavaScript injection
Modify any mermaid code blocks with the following code and the code inside will execute when the component is loaded by MDXjs
` + (function () {
// Put Javascript code here
return ''
}()) + `
The block below sh…
[nitrado.js] Polynomial regular expression used on uncontrolled data in nitrado.js
Impact
Possible ReDoS with lib input of {{ and with many repetitions of {{|
Patches
Patched in all versions above 0.2.5
Workarounds
No known workarounds.
References
OWASP: Regular expression Denial of Service – ReDoS
Wikipedia: ReDoS.
Wikipedia: Time…