This is a historical security advisory, pertaining to a vulnerability that was reported, patched, and published in 2021. It is listed here for completeness and for CVE tracking purposes.
Impact
Due to an unnecessarily strict conditional in the code han…
[mangadex-downloader] mangadex-downloader vulnerable to unauthorized file reading
Impact
When the file:<location> command is used and <location> is a web URL (http, https), mangadex-downloader will try to open and read a file on the local disk for each line of the website content.
So far, the app only reads the files and does not ex…
[jose] JOSE vulnerable to resource exhaustion via specifically crafted JWE
The PBKDF2-based JWE key management algorithms expect a JOSE Header Parameter named p2c (PBES2 Count), which determines how many PBKDF2 iterations must be executed in order to derive a CEK wrapping key. The purpose of this parameter is to intentionally…
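The check a JWE consumer wants here is to look at p2c before any PBKDF2 work is done, since the iteration count is chosen by whoever produced the token. The following is an added example written for this page, not code from the jose library: it parses the protected header of a compact JWE and refuses PBES2 key management when p2c is missing, not an integer, or above a cap. The cap value MAX_P2C, the helper names and the constructed tokens are all assumptions for the example.

```javascript
// Added example, not code from the jose library: parse a compact JWE's protected
// header and refuse PBES2 key management when the attacker-chosen p2c iteration
// count is missing, malformed, or above a cap, before any PBKDF2 work is done.
// MAX_P2C is an assumed cap chosen for this example.
const MAX_P2C = 10000;

function b64urlDecodeToJson(segment) {
  return JSON.parse(Buffer.from(segment, 'base64url').toString('utf8'));
}

// Compact JWE serialization: protected header . encrypted key . IV . ciphertext . tag
function parseProtectedHeader(jwe) {
  const parts = jwe.split('.');
  if (parts.length !== 5) throw new Error('not a compact JWE');
  const header = b64urlDecodeToJson(parts[0]);
  if (typeof header !== 'object' || header === null || Array.isArray(header)) {
    throw new Error('invalid protected header');
  }
  return header;
}

// Is the header acceptable for decryption? Non-PBES2 algorithms carry no p2c;
// PBES2 algorithms must carry a positive integer p2c no larger than maxP2c.
function pbes2CountAcceptable(header, maxP2c = MAX_P2C) {
  if (typeof header.alg !== 'string' || !header.alg.startsWith('PBES2-')) return true;
  const p2c = header.p2c;
  return Number.isInteger(p2c) && p2c >= 1 && p2c <= maxP2c;
}

// Gate a token before handing it to a JWE decryption routine.
function jweAcceptable(jwe, maxP2c = MAX_P2C) {
  try {
    return pbes2CountAcceptable(parseProtectedHeader(jwe), maxP2c);
  } catch {
    return false;
  }
}

// Constructed test tokens: only the header segment is meaningful; the other
// four segments are placeholder base64url text, not a real key/IV/ciphertext/tag.
function constructedJwe(header) {
  const enc = Buffer.from(JSON.stringify(header)).toString('base64url');
  return [enc, 'a2V5', 'aXY', 'Y3Q', 'dGFn'].join('.');
}

const HONEST_JWE = constructedJwe({ alg: 'PBES2-HS256+A128KW', enc: 'A128GCM', p2c: 4096, p2s: 'c2FsdA' });
const HOSTILE_JWE = constructedJwe({ alg: 'PBES2-HS256+A128KW', enc: 'A128GCM', p2c: 2147483647, p2s: 'c2FsdA' });
const NON_PBES2_JWE = constructedJwe({ alg: 'RSA-OAEP-256', enc: 'A256GCM' });

if (typeof require !== 'undefined' && require.main === module) {
  for (const [name, jwe] of Object.entries({ HONEST_JWE, HOSTILE_JWE, NON_PBES2_JWE })) {
    console.log(name, jweAcceptable(jwe) ? 'accepted' : 'rejected');
  }
}
```

The point of the ordering is that the gate costs one JSON parse, whereas honouring the header costs p2c PBKDF2 rounds; a cap only helps if it is enforced before the key derivation starts.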
[cruddl] cruddl vulnerable to ArangoDB Query Language (AQL) injection through flexSearch
Impact
If a vulnerable version of cruddl is used to generate a schema that uses @flexSearchFulltext, users of that schema may be able to inject arbitrary AQL queries that will be forwarded to and executed by ArangoDB.
Schemas that do not use @flexSearch…
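The injection class described above comes from building the AQL text out of user input. The following added example (written for this page, not cruddl's code) puts the interpolating form next to the bind-variable form and strips string-literal contents out of each query so the structural difference is visible. The view name flexSearchView, the fields doc.title and doc.secret, and the hostile term are assumptions constructed for the example.

```javascript
// Added example, not cruddl's code: why pasting a search term into AQL text is
// an injection and why a bind variable is the fix. The view and field names
// (flexSearchView, doc.title, doc.secret) are assumptions for this example.

// Vulnerable form: the term becomes part of the query text, so a double quote
// in it ends the string literal and whatever follows is parsed as AQL.
function vulnerableSearchQuery(term) {
  return {
    query: `FOR doc IN flexSearchView SEARCH ANALYZER(doc.title == "${term}", "text_en") RETURN doc`,
    bindVars: {},
  };
}

// Safe form: the query text is constant; the term travels as a bind variable
// and ArangoDB never parses it as AQL, whatever characters it contains.
function safeSearchQuery(term) {
  return {
    query: 'FOR doc IN flexSearchView SEARCH ANALYZER(doc.title == @term, "text_en") RETURN doc',
    bindVars: { term },
  };
}

// Blank out the contents of double-quoted AQL string literals (honouring
// backslash escapes) so only the structural part of the query remains.
function aqlStructure(query) {
  let out = '';
  let inString = false;
  for (let i = 0; i < query.length; i++) {
    const c = query[i];
    if (inString) {
      if (c === '\\') { i++; continue; }
      if (c === '"') { inString = false; out += '"'; }
      continue;
    }
    if (c === '"') inString = true;
    out += c;
  }
  return out;
}

// Does the query's structure depend on the input? For a safe builder it never does.
function structureDependsOnInput(builder, benign, hostile) {
  return aqlStructure(builder(benign).query) !== aqlStructure(builder(hostile).query);
}

// Constructed hostile input: closes the literal and ORs in a predicate over a
// field the schema never exposed for searching.
const HOSTILE_TERM = 'x" || doc.secret != null || "';
```

Escaping the quote instead of binding would narrow this particular payload but leaves the query text input-dependent; the bind-variable form is the one where aqlStructure returns the same string for every input.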
[github.com/open-policy-agent/opa] OPA Compiler: Bypass of WithUnsafeBuiltins using “with” keyword to mock functions
Impact
The Rego compiler provides a (deprecated) WithUnsafeBuiltins function, which allows users to provide a set of built-in functions that should be deemed unsafe — and as such rejected — by the compiler if encountered in the policy compilation stage…
[linked_list_allocator] linked_list_allocator vulnerable to out-of-bound writes on `Heap` initialization and `Heap::extend`
Impact
This vulnerability impacts all the initialization functions on the Heap and LockedHeap types, including Heap::new, Heap::init, Heap::init_from_slice, and LockedHeap::new. It also affects multipl…
[org.xwiki.platform:xwiki-platform-oldcore] XWiki Platform Improper Authorization check for inactive users
Impact
Some resources are missing a check for inactive (not yet activated or disabled) users in XWiki, including the REST service, so a disabled user can re-enable themselves with a REST call. In the same way, some resource handlers created by extensions …
[org.xwiki.platform:xwiki-platform-web-templates] XWiki Platform Web Templates vulnerable to Missing Authorization, Exposure of Private Personal Information to Unauthorized Actor
Impact
Through the suggestion feature, string and list properties of objects the user shouldn’t have access to can be accessed. This includes private personal information like email addresses and salted password hashes of registered users but also othe…
[org.xwiki.platform:xwiki-platform-index-ui] XWiki Platform vulnerable to Cross-site Scripting in the deleted attachments list
Impact
It is possible to store JavaScript in an attachment name; it will be executed by anyone viewing the deleted attachments index.
For example, attaching a file with the name ><img src=1 onerror=alert(1)>.jpg …
[org.xwiki.platform:xwiki-platform-attachment-ui] XWiki Platform Attachment UI vulnerable to cross-site scripting in the move attachment form
Impact
It’s possible to store JavaScript in an attachment name, which will be executed by anyone trying to move the corresponding attachment.
For example, an attachment with name ><img src=1 onerror=alert(1)>.jpg will execute the alert.
Patche…
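Both XWiki entries above (the deleted attachments index and the move attachment form) use the same attachment name as their payload, and the fix in both cases is output encoding of that name. The following added example is written for this page and is not XWiki's template code: it renders the name once without and once with encoding and scans the result for start tags. The row markup, the download path and the scanning helper are assumptions for the example.

```javascript
// Added example, not XWiki's template code: the attachment name from the
// advisories rendered once without and once with output encoding. The row
// markup and the download path are assumptions for this example.
const PAYLOAD_NAME = '><img src=1 onerror=alert(1)>.jpg';

function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable rendering: the name is concatenated into the markup as-is, so the
// text context after the opening <a ...> is where the injected <img> lands.
function renderAttachmentRowUnsafe(name) {
  return `<tr><td><a href="/download/${name}">${name}</a></td></tr>`;
}

// Fixed rendering: HTML-escape the name in text context and percent-encode it
// in the URL path segment; each context gets the encoding that context needs.
function renderAttachmentRowSafe(name) {
  return `<tr><td><a href="/download/${encodeURIComponent(name)}">${escapeHtml(name)}</a></td></tr>`;
}

// Crude scan (not an HTML parser) for start-tag names in a fragment; the safe
// row must contain only the tags the template itself wrote.
function startTags(html) {
  return [...html.matchAll(/<([a-zA-Z][a-zA-Z0-9]*)/g)].map((m) => m[1].toLowerCase());
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log('unsafe:', startTags(renderAttachmentRowUnsafe(PAYLOAD_NAME)).join(','));
  console.log('safe:  ', startTags(renderAttachmentRowSafe(PAYLOAD_NAME)).join(','));
}
```

The same name appears in two contexts in one row, an attribute value and element text, and a single escaping routine is not right for both; that is why the path segment is percent-encoded separately from the HTML-escaped text.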