CRITICAL

Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-3327
https://github.com/ikus060/rdiffweb/commit/f2a32f2a9f3fb8be1a9432ac3d81d3aacdb13095
https://hu…

Shinken Solutions Shinken Monitoring Version 2.4.3 affected is vulnerable to Incorrect Access Control. The SafeUnpickler class found in shinken/safepickle.py implements a weak authentication scheme when unserializing objects passed from monitoring node…

A sandbox bypass vulnerability involving crafted constructor bodies and calls to sandbox-generated synthetic constructors in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed …

A sandbox bypass vulnerability involving casting an array-like value to an array type in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to byp…

Impact
@keystone-6/core@2.2.0 || 2.3.0 users who are using the multiselect field, and provided field-level access control – are vulnerable to their field-level access control not being used.
List-level access control is NOT affected.
Field-level access…

Gitea before 1.17.3 does not sanitize and escape refs in the git backend. Arguments to git commands are mishandled.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-42968
https://github.com/go-gitea/gitea/pull/21463
https://github.com/go-gitea/git…

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-3439
https://github.com/ikus060/rdiffweb/commit/b78ec09f4582e363f6f449df6f987127e126c311
h…

ikus060/rdiffweb prior to 2.5.0a5 did not enforce origin validation in web traffic. Users are advised to upgrade to version 2.5.0a5.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-3457
https://github.com/ikus060/rdiffweb/commit/afc1bdfab5161c740…

Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is “${prefix:name}”, where “prefix” is used to locate an instance of org.apache.commons.text.lookup…

Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils prior to version 2.0.3 via the name variable in parseQuery.js.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-37601
https://github.com/webpack/load…