This is a historical security advisory, pertaining to a vulnerability that was reported, patched, and published in 2021. It is listed here for completeness and for CVE tracking purposes.
Impact
Due to an unnecessarily strict conditional in the code han…
[github.com/open-policy-agent/opa] OPA Compiler: Bypass of WithUnsafeBuiltins using “with” keyword to mock functions
Impact
The Rego compiler provides a (deprecated) WithUnsafeBuiltins function, which allows users to provide a set of built-in functions that should be deemed unsafe — and as such rejected — by the compiler if encountered in the policy compilation stage…
[linked_list_allocator] linked_list_allocator vulnerable to out-of-bound writes on `Heap` initialization and `Heap::extend`
Impact
What kind of vulnerability is it? Who is impacted?
This vulnerability impacts all the initialization functions on the Heap and LockedHeap types, including Heap::new, Heap::init, Heap::init_from_slice, and LockedHeap::new. It also affects multipl…
[org.xwiki.platform:xwiki-platform-oldcore] XWiki Platform Improper Authorization check for inactive users
Impact
Some resources in XWiki are missing a check for inactive (not yet activated or disabled) users, including the REST service, so a disabled user can enable themselves using a REST call. In the same way, some resource handlers created by extensions …
[org.xwiki.platform:xwiki-platform-web-templates] XWiki Platform Web Templates vulnerable to Missing Authorization, Exposure of Private Personal Information to Unauthorized Actor
Impact
Through the suggestion feature, string and list properties of objects the user shouldn’t have access to can be accessed. This includes private personal information like email addresses and salted password hashes of registered users but also othe…
[org.xwiki.platform:xwiki-platform-index-ui] XWiki Platform vulnerable to Cross-site Scripting in the deleted attachments list
Impact
It’s possible to store JavaScript that will be executed by anyone viewing the deleted attachments index, by means of an attachment containing JavaScript in its name.
For example, attach a file with name ><img src=1 onerror=alert(1)>.jpg …
[org.xwiki.platform:xwiki-platform-attachment-ui] XWiki Platform Attachment UI vulnerable to cross-site scripting in the move attachment form
Impact
It’s possible to store JavaScript in an attachment name, which will be executed by anyone trying to move the corresponding attachment.
For example, an attachment with name ><img src=1 onerror=alert(1)>.jpg will execute the alert.
Patche…
[mako] mako is vulnerable to Regular Expression Denial of Service
Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial of Service when using the Lexer class to parse. This also affects babelplugin and linguaplugin.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-40023
https://github.com/sqlal…
[github.com/talos-systems/talos] Talos vulnerable dependency due to race condition in Linux kernel’s IP framework XFRM
Impact
A race condition was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bound…
[vncauthproxy] VNCAuthProxy authentication bypass vulnerability
OSU Open Source Lab VNCAuthProxy through 1.1.1 is affected by a vncap/vnc/protocol.py VNCServerAuthenticator authentication-bypass vulnerability that could allow a malicious actor to gain unauthorized access to a VNC session or to disconnect a legitim…