Impact
It’s possible to store JavaScript or Groovy scripts in a mention macro anchor or reference field. The stored code is executed by anyone visiting the page with the mention.
For example, the code below will create a file at /tmp/exploit.txt:
{…
[org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki] XWiki Platform Wiki UI Main Wiki Eval Injection vulnerability
Impact
It’s possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the request (URL parameter) using the XWikiServerClassSheet if the user has view access to this sheet and another page that has been saved with…
[org.xwiki.platform.applications:xwiki-application-tag] XWiki Platform Applications Tag and XWiki Platform Tag UI vulnerable to Eval Injection
Impact
The tags document Main.Tags in XWiki didn’t sanitize user inputs properly, allowing users with view rights on the document (default in a public wiki or for authenticated users on private wikis) to execute arbitrary Groovy, Python and Velocity co…
[github.com/talos-systems/talos] Talos worker join token can be used to get elevated access level to the Talos API
Impact
Talos worker nodes use a join token to get accepted into the Talos cluster. A misconfigured Kubernetes environment may allow workloads to access the join token of the worker node. A malicious workload could then use the join token to construct a…
[mako] mako is vulnerable to Regular Expression Denial of Service
SQLAlchemy Mako before 1.2.2 is vulnerable to Regular Expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-40023
https://github.com/sqlal…
[wee_alloc] wee_alloc is Unmaintained
Two of the maintainers have indicated that the crate may not be maintained.
The crate has open issues including memory leaks and may not be suitable for production use.
It may be best to switch to the default Rust standard allocator on wasm32 targets.
…
[github.com/siderolabs/talos] nftables binding to an already bound chain
Impact
An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel. A denial of service can occur upon binding to an already bound chain.
Affected by this vulnerability is the function nft_verdict_init of the file net/netfilter/nf_tabl…
[github.com/talos-systems/talos] Talos vulnerable dependency due to race condition in Linux kernel’s IP framework XFRM
Impact
A race condition was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bound…
[github.com/theupdateframework/go-tuf] Improper handling of different key IDs for the same public keys in attacker-controlled metadata
Issue
If an attacker is able to control a threshold of keys to insert the same public key more than once with different key IDs into signed, trusted metadata on a TUF repository, then go-tuf clients < 0.3.2 are susceptible to an attack where attacke…
[typo3/cms-core] TYPO3 CMS vulnerable to Denial of Service in Page Error Handling
Meta
CVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C (5.5)
Problem
Requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as an error message from anoth…