When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied “pattern” that may include placeholders for artifacts coordinates like the organisation, module or version. If said coordinates conta…
[org.apache.ivy:ivy] Apache Ivy does not verify target path when extracting the archive
With Apache Ivy 2.4.0 an optional packaging attribute has been introduced that allows artifacts to be unpacked on the fly if they used
pack200 or zip packaging.
For artifacts using the “zip”, “jar” or “war” packaging Ivy prior to version 2.5.1 doesn’t …
[pulsar-client] Apache Pulsar: Disabled Certificate Validation for OAuth Client Credential Requests makes C++/Python Clients vulnerable to MITM attack
The Apache Pulsar C++ Client does not verify peer TLS certificates when making HTTPS calls for the OAuth2.0 Client Credential Flow, even when tlsAllowInsecureConnection is disabled via configuration. This vulnerability allows an attacker to perform a m…
[org.apache.uima:uimaj-core] Apache UIMA Path Traversal vulnerability
A relative path traversal vulnerability in a FileUtil class used by the PEAR management component of Apache UIMA allows an attacker to create files outside the designated target directory using carefully crafted ZIP entry names. This issue affects Apac…
[ckb] ckb type_id script resume may randomly fail
Impact
https://github.com/nervosnetwork/ckb/blob/v0.101.2/script/src/verify.rs#L871-L879
TypeIdSystemScript resume handle is not correct when max_cycles is not enough, ScriptError::ExceededMaximumCycles will be raised directly ranther than suspend as e…
[muhammara] Unchecked Return Value to NULL Pointer Dereference in PDFDocumentHandler.cpp
Impact
The package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be appended to another.
Patches
It has been patched in 2.6.0 for muhammara and not …
[apereo/phpcas] phpCAS vulnerable to Service Hostname Discovery Exploitation
Impact
The phpCAS library uses HTTP headers to determine the service URL used to validate tickets. This allows an attacker to control the host header and use a valid ticket granted for any authorized service in the same SSO realm (CAS server) to authen…
[openssl-src] X.509 Email Address Variable Length Buffer Overflow
A buffer overrun can be triggered in X.509 certificate verification,
specifically in name constraint checking. Note that this occurs after
certificate chain signature verification and requires either a CA to
have signed a malicious certificate or for a…
[org.springframework.security:spring-security-oauth2-client] spring-security-oauth2-client vulnerable to Privilege Escalation
Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can modify a request initiated by the Client (via…
[org.springframework.security:spring-security-core] Spring Security authorization rules can be bypassed via forward or include dispatcher types
Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The applicati…