Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be exploited. There is only a risk in conjunction with LazyList object deserialization within an application. In such situations, it allows attackers to …
[com.nepxion:discovery] Nepxion Discovery vulnerable to SpEL Injection leading to Remote Code Execution
Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver’s eval method is evaluating expression with a StandardEvaluationContext, allowing the expression to reach and …
[org.hyperledger.besu:evm] Besu VM vulnerable to gas allocation error in CALL operations
Impact
An error in 32-bit signed and unsigned types in the calculation of available gas in the CALL operations (including DELEGATECALL) results in incorrect gas being passed into called contracts and incorrect gas being returned after call execution. …
[github.com/rancher/rancher] Rancher API and cluster.management.cattle.io object vulnerable to plaintext storage and exposure of credentials
Impact
An issue was discovered in Rancher versions up to and including 2.5.15 and 2.6.6 where sensitive fields, like passwords, API keys and Rancher’s service account token (used to provision clusters), were stored in plaintext directly on Kubernetes o…
[github.com/hashicorp/vault] HashiCorp Vault vulnerable to incorrect metadata access
An issue was discovered in HashiCorp Vault and Vault Enterprise before 1.11.3. A vulnerability in the Identity Engine was found where, in a deployment where an entity has multiple mount accessors with shared alias names, Vault may overwrite metadata to…
[com.compuware.jenkins:compuware-common-configuration] Jenkins Compuware Common Configuration Plugin vulnerable to Improper Restriction of XML External Entity Reference
Jenkins Compuware Common Configuration Plugin 1.0.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Version 1.0.15 contains a patch.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-41226
https://www.je…
[net.praqma:rqm-plugin] Jenkins RQM Plugin vulnerable to Improper Restriction of XML External Entity Reference
Jenkins RQM Plugin 2.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-41241
https://www.jenkins.io/security/advisory/2022-09-21/#SECURITY-2805
https://gi…
[python-jwt] python-jwt vulnerable to token forgery with new claims
Impact
An attacker who obtains a JWT can arbitrarily forge its contents without knowing the secret key. Depending on the application, this may, for example, enable the attacker to spoof other users’ identities, hijack their sessions, or bypass authentica…
[pagekit/pagekit] Pagekit vulnerable to Unrestricted Upload of File with Dangerous Type
A file upload vulnerability exists in the storage feature of pagekit 1.0.18, which allows an attacker to upload malicious files.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-38916
https://github.com/pagekit/pagekit/issues/970
https://github.com…
[steal] steal vulnerable to Prototype Pollution via alias variable
Prototype pollution vulnerability in stealjs steal via the alias variable in babel.js.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-37265
https://github.com/stealjs/steal/issues/1534
https://github.com/stealjs/steal/blob/c9dd1eb19ed3f97aeb93cf…