Impact
Harbor fails to validate the user permissions to view Webhook policies including relevant credentials configured in different projects the user doesn’t have access to, resulting in malicious users being able to read Webhook policies of other use…
[github.com/goharbor/harbor] Harbor fails to validate the user permissions when updating tag retention policies
Impact
Harbor fails to validate the user permissions when updating tag retention policies. API call:
PUT /retentions/{id}
By sending a request to update a tag retention policy with an id that belongs to a project that the currently authenticated use…
[tauri] Tauri’s readDir Endpoint Scope can be Bypassed With Symbolic Links
Impact
Due to missing canonicalization when readDir is called recursively, it was possible to display directory listings outside of the defined fs scope. This required a crafted symbolic link or junction folder inside an allowed path of the fs scope. N…
[poetry] Poetry Argument Injection can lead to Local Code Execution
Observation
When handling dependencies that come from a Git repository instead of a registry, Poetry uses various commands, such as git clone. These commands are being constructed using user input (e.g. the repository URL). When building the commands, …
[tensorflow] TensorFlow vulnerable to `CHECK` fail in `tf.sparse.cross`
Impact
If tf.sparse.cross receives an input separator that is not a scalar, it gives a CHECK fail that can be used to trigger a denial of service attack.
import tensorflow as tf
tf.sparse.cross(inputs=[],name='a',separator=tf.constant(['a', 'b'],dtype…
[tensorflow] TensorFlow vulnerable to `CHECK` fail in `Conv2DBackpropInput`
Impact
When Conv2DBackpropInput receives empty out_backprop inputs (e.g. [3, 1, 0, 1]), the current CPU/GPU kernels CHECK fail (one with dnnl, the other with cudnn). This can be used to trigger a denial of service attack.
import tensorflow as tf
import…
[github.com/sigstore/cosign] Cosign bundle can be crafted to successfully verify a blob even if the embedded rekorBundle does not reference the given signature
Summary
A number of vulnerabilities have been found in cosign verify-blob, where Cosign would successfully verify an artifact when verification should have failed.
Vulnerability 1: Bundle mismatch causes invalid verification.
Summary
A cosign bundle ca…
[typo3/html-sanitizer] TYPO3 HTML Sanitizer Bypasses Cross-Site Scripting Protection
Meta
CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C (5.7)
Problem
Due to a parsing issue in upstream package masterminds/html5, malicious markup used in a sequence with special HTML comments cannot be filtered and sanitized. This …
[github.com/fluxcd/flux2] Helm Controller denial of service
Helm controller is tightly integrated with the Helm SDK. A vulnerability found in the Helm SDK allows for specific data inputs to cause high memory consumption, which in some platforms could cause the controller to panic and stop processing reconciliat…
[react/http] ReactPHP’s HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent
Impact
In ReactPHP’s HTTP server component versions below v1.7.0, when ReactPHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host- and __Secure- being confused with cookies that de…