Impact
Attackers can deserialize arbitrary data on affected versions of melisplatform/melis-front, which ultimately leads to the execution of arbitrary PHP code on the system. Conducting this attack does not require authentication.
Users should immediate…
[poetry] Poetry vulnerable to Untrusted Search Path leading to Local Code Execution on Windows
Observation
To handle dependencies that come from a Git repository, Poetry executes various commands, e.g. git config. These commands are being executed using the executable’s name and not its absolute path.
This can lead to the execution of untrusted …
[django-mfa2] django-mfa2 vulnerable to MFA Replay attack
mfa/FIDO2.py in django-mfa2 before 2.5.1 and 2.6.x before 2.6.1 allows a replay attack that could be used to register another device for a user. The device registration challenge is not invalidated after usage.
References
https://nvd.nist.gov/vuln/det…
[openssl-src] Using a Custom Cipher with `NID_undef` may lead to NULL encryption
OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new() function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order…
[fastify] fastify vulnerable to denial of service via malicious Content-Type
Impact
An attacker can send an invalid Content-Type header that can cause the application to crash, leading to a possible Denial of Service attack. Only the v4.x line is affected.
(This was updated: upon a close inspection, v3.x is not affected after a…
[github.com/traefik/traefik/v2] Traefik HTTP/2 connections management could cause a denial of service
Impact
There is a potential vulnerability in Traefik managing HTTP/2 connections.
A closing HTTP/2 server connection could hang forever because of a subsequent fatal error. This failure mode could be exploited to cause a denial of service.
Patches
Trae…
[slack-morphism] Exposure of sensitive Slack webhook URLs in debug logs and traces
Impact
Debug logs expose sensitive URLs for Slack webhooks that contain private information.
Patches
The problem is fixed in v1.3.2 which redacts sensitive URLs for webhooks.
Workarounds
Disabling/filtering debug logs in case you use Slack webhooks usi…
[tiny-csrf] tiny-csrf has openly visible CSRF tokens
Impact
Weak encryption of CSRF tokens means the tokens can be read by malicious attackers.
Patches
Problems have been patched as of v1.1.0
Workarounds
Upgrade to v1.1.0
References
https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_…
[apache-airflow] Apache Airflow may allow authenticated users who have been deactivated to continue using the UI or API
In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn’t prevent an already authenticated user from being able to continue using the UI or API.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-41672
https://github.com/apache/airflow…
[v8n] v8n vulnerable to Inefficient Regular Expression Complexity
Impact
Inefficient regular expression complexity in the lowercase() and uppercase() regexes could lead to a denial of service attack. With a crafted payload of the form 'a' + 'a'.repeat(i) + 'A', a payload of only 32 characters could take 29443 ms to execute when testing …