Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbtrary files in the task execution context, without write access to D…
[Akka] Remote code execution vulnerability in dependency System.Drawing.Common
Impact
The core Akka module depended on an old System.Configuration.ConfigurationManager version 4.7.0 which transitively depends on System.Common.Drawing v4.7.0. The System.Common.Drawing v4.7.0 is affected by a remote code execution vulnerability htt…
[tensorflow] Tensorflow vulnerable to Out-of-Bounds Read
Impact
When the BaseCandidateSamplerOp function receives a value in true_classes larger than range_max, a heap oob vuln occurs.
tf.raw_ops.ThreadUnsafeUnigramCandidateSampler(
true_classes=[[0x100000,1]],
num_true = 2,
num_sampled = 2,
…
[silverstripe/versioned-admin] Stored XSS in Compare Mode
A malicious content author could add a Javascript payload to a page’s meta description and get it executed in the versioned history compare view.
This vulnerability requires access to the CMS to be deployed. The attacker must then convince a privileged…
[silverstripe/framework] Blind SQL Injection via GridFieldSortableHeader
Gridfield state is vulnerable to SQL injections. The vast majority of Gridfields in Silverstripe CMS are affected by this vulnerability.
An attacker with CMS access could execute an arbitrary SQL statement by adding an SQL payload in some parts of the …
[silverstripe/framework] Reflected XSS in querystring parameters
An attacker could inject a XSS payload in a Silverstripe CMS response by carefully crafting a return URL on a /dev/build or /Security/login request.
To exploit this vulnerability, an attacker would need to convince a user to follow a link with a malici…
[silverstripe/framework] Stored XSS using HTMLEditor
A malicious content author could add a JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters.
An attacker must have access to the CMS to exploit this issue.
References
https://github.com/FriendsOf…
[silverstripe/framework] Stored XSS using uppercase characters in HTMLEditor
A malicious content author could add a Javascript payload to the href attribute of a link. A similar issue was identified and fixed via CVE-2022-28803. However, the fix didn’t account for the casing of the href attribute. An attacker must have access t…
[silverstripe/cms] Stored XSS in custom meta tags
A malicious content author could create a custom meta tag and execute an arbitrary JavaScript payload. This would require convincing a legitimate user to access a page and enter a custom keyboard shortcut.
This requires CMS access to exploit.
Reference…
[silverstripe/assets] XSS in shortcodes
A malicious content author could add arbitrary attributes to HTML editor shortcodes which could be used to inject a JavaScript payload on the front end of the site. The shortcode providers that ship with Silverstripe CMS have been reviewed and attribut…