Impact
All id-providers using the lib-auth login method are affected. lib-auth should invalidate the old session after login and replicate its session attributes in a new one; however, this is not the behavior in affected versions.
Workarounds
Don’t use lib-auth for login.
Jav…
[dolibarr/dolibarr] Dolibarr vulnerable to Eval Injection
Dolibarr ERP & CRM <=15.0.3 are vulnerable to Eval injection. By default, any administrator can be added to the installation page of dolibarr, and if successfully added, malicious code can be inserted into the database and then executed by eva…
[org.apache.shiro:shiro-core] Apache Shiro Authentication Bypass vulnerability
Apache Shiro before 1.10.0 contains an authentication bypass vulnerability when forwarding or including via RequestDispatcher.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-40664
https://lists.apache.org/thread/loc2ktxng32xpy7lfwxto13k4lvnhjwg
ht…
[xmldom] Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’) in @xmldom/xmldom and xmldom
Impact
A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package.
Patches
Update to @xmldom/xmldom@~0.7.6, @xmldom/xmldom@~0.8.3 (dist-tag latest) or @xmldom/xmldom@>=0.9.0-beta.2 (…
[gogs.io/gogs] Gogs vulnerable to Cross-site Scripting
In Gogs, versions v0.6.5 through v0.12.10 are vulnerable to Stored Cross-Site Scripting (XSS) that leads to an account takeover.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-32174
https://github.com/gogs/gogs/blob/v0.12.10/public/js/gogs.js#L2…
[github.com/antchfx/xmlquery] xmlquery lacks check for whether LoadURL response is in XML format, causing denial of service
xmlquery before 1.3.1 lacks a check for whether a LoadURL response is in the XML format, which allows attackers to cause a denial of service (SIGSEGV) at xmlquery.(*Node).InnerText or possibly have unspecified other impact.
References
https://nvd.nist…
[github.com/caddyserver/caddy/caddyhttp/httpserver] Caddy vulnerable to Authentication Bypass due to mishandling of TLS client authentication
Caddy before 0.10.13 mishandles TLS client authentication, as demonstrated by an authentication bypass caused by the lack of the StrictHostMatching mode.
References
https://nvd.nist.gov/vuln/detail/CVE-2018-21246
https://github.com/caddyserver/caddy/c…
[tecnickcom/tcpdf] TCPDF vulnerable to attackers triggering deserialization of arbitrary data
An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.
References
https://nvd.nist.gov/vuln/detail/CVE-2018-17057
https://github.com/LimeSurvey/LimeSurvey/commit/1cdd78d27697b31…
[commons-jxpath:commons-jxpath] JXPath vulnerable to remote code execution when interpreting untrusted XPath expressions
Those using JXPath to interpret untrusted XPath expressions may be vulnerable to a remote code execution attack. All JXPathContext class functions processing an XPath string are vulnerable except the compile() and compilePath() functions. The XPath expressio…
[org.hsqldb:hsqldb] HyperSQL DataBase vulnerable to remote code execution when processing untrusted input
Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the class…