Duplicate Advisory
This advisory is a duplicate of GHSA-qv98-3369-g364. This link is maintained to preserve external references.
Original Description
Summary
As part of a KubeVirt audit performed by NCC Group, a finding dealing with systemic lack of pa…
[oqs] oqs’s Post-Quantum Key Encapsulation Mechanism SIKE broken
Wouter Castryck and Thomas Decru presented an efficient key recovery attack on the SIDH protocol.
As a result, the secret key of SIKEp751 can be recovered in a matter of hours.
The SIKE and SIDH schemes will be removed from oqs 0.7.2.
An efficient key …
[notrinos/notrinos-erp] NotrinosERP Cross-site Scripting vulnerability
NotrinosERP version 0.7 and prior is vulnerable to stored cross-site scripting. A fix is available on the master branch of the repository.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-2871
https://github.com/notrinos/notrinoserp/commit/0362778…
[github.com/hashicorp/consul] HashiCorp Consul Template could reveal Vault secret contents in error messages
In HashiCorp Consul Template through version 0.29.1, invalid templates could inadvertently reveal the contents of Vault secret in errors returned by the *template.Template.Execute method, when given a template using Vault secret contents incorrectly….
[@mapbox/mapbox-maps-android] Mapbox is vulnerable to Integer Overflow
An integer overflow exists in Mapbox’s closed source gl-native library prior to version 10.6.1, which is bundled with multiple Mapbox products including open source libraries. The overflow is caused by large image height and width values when creating …
[rocksdb] rocksdb vulnerable to out-of-bounds read
Affected versions of this crate called the RocksDB C API rocksdb_open_column_families_with_ttl() with a pointer to a single integer TTL value, but one TTL value for each column family is expected.
This is only relevant when using rocksdb::DBWithThreadM…
[update_by_case] update_by_case before 0.1.3 can be vulnerable to sql injection
Before version 0.1.3, the update_by_case gem used custom SQL strings that were not sanitized, making it vulnerable to SQL injection. Upgrade to version >= 0.1.3, which uses Arel instead to construct the resulting SQL statement, with sanitized SQL.
Refere…
[temporary] `temporary` makes use of uninitialized memory
Uninit memory is used as a RNG seed in temporary. This has been resolved in the 0.6.4 release. The crate is not intended to be used outside of a testing environment. For a general purpose crate to create temporary directories, tempfile is an alternativ…
[tower-http] tower-http’s improper validation of Windows paths could lead to directory traversal attack
tower_http::services::fs::ServeDir didn’t correctly validate Windows paths, meaning paths like /foo/bar/c:/windows/web/screen/img101.png would be allowed and respond with the contents of c:/windows/web/screen/img101.png. Thus users could potentially re…
[nbconvert] nbconvert vulnerable to cross-site scripting (XSS) via multiple exploit paths
Cross-linking to https://github.com/jupyter/nbviewer/security/advisories/GHSA-h274-fcvj-h2wm
Most of the fixes will be in this repo, though, so having it here gives us the private fork to work on patches
Below is currently a duplicate of the original r…