Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be exploited. There is only a risk in conjunction with LazyList object deserialization within an application. In such situations, it allows attackers to …
[org.apache.pulsar:pulsar] Proxy component of Apache Pulsar subject to abuse as Denial of Service endpoint
Improper Input Validation vulnerability in Proxy component of Apache Pulsar allows an attacker to make TCP/IP connection attempts that originate from the Pulsar Proxy’s IP address. When the Apache Pulsar Proxy component is used, it is possible to attem…
[@lionello/secp256k1-js] secp256k1-js implements ECDSA without required r and s validation, leading to signature forgery
The secp256k1-js package before 1.1.0 for Node.js implements ECDSA without required r and s validation, leading to signature forgery.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-41340
https://github.com/lionello/secp256k1-js/issues/11
https:/…
[jodit] Jodit Editor vulnerable to Cross-site Scripting
Jodit Editor is a WYSIWYG editor written in pure TypeScript without the use of additional libraries. Jodit Editor is vulnerable to XSS attacks when pasting specially constructed input. This issue has not been fully patched. There are no known workaroun…
[com.nepxion:discovery] Nepxion Discovery vulnerable to SpEL Injection leading to Remote Code Execution
Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver’s eval method is evaluating expression with a StandardEvaluationContext, allowing the expression to reach and …
[com.nepxion:discovery] Nepxion Discovery vulnerable to potential Information Disclosure due to Server-Side Request Forgery
Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery (SSRF). RouterResourceImpl uses RestTemplate’s getForEntity to retrieve the contents of a URL containing user-controlled input, potenti…
[frontier] Weight not properly refunded after EVM execution
Impact
Previously, the worst-case weight was always accounted as the block weight for all cases. In case of large EVM gas refunds, this can lead to block spamming attacks — the adversary can construct blocks with transactions that have a large amount of…
[github.com/mohammed90/caddy-ssh] Caddy-SSH vulnerable to Authorization Bypass due to incorrect usage of PAM library
Not invoking a call to pam_acct_mgmt after a call to pam_authenticate to check the validity of a login can lead to an authorization bypass.
Impact
Exploitability
The attack can be carried out over the network. A complex non-standard configuration or a spec…
[protobuf] protobuf-cpp and protobuf-python have potential Denial of Service issue
Summary
A message parsing and memory management vulnerability in ProtocolBuffer’s C++ and Python implementations can trigger an out of memory (OOM) failure when processing a specially crafted message, which could lead to a denial of service (DoS) on se…
[org.hyperledger.besu:evm] Besu VM vulnerable to gas allocation error in CALL operations
Impact
An error in 32-bit signed and unsigned types in the calculation of available gas in the CALL operations (including DELEGATECALL) results in incorrect gas being passed into called contracts and incorrect gas being returned after call execution. …