Impact
When matrix-rust-sdk before 0.6 requests a room key from our devices, it correctly accepts key forwards only if they are a response to a previous request. However, it doesn’t check that the device that responded matches the device the key was re…
[@next-auth/upstash-redis-adapter] Upstash Adapter missing token verification
Impact
Applications that use next-auth Email Provider and @next-auth/upstash-redis-adapter before v3.0.2 are affected.
Description
The Upstash Redis adapter implementation did not check for both the identifier (email) and the token, but only checking f…
[rdiffweb] rdiffweb vulnerable to password complexity bypass leading to weak passwords
ikus060/rdiffweb prior to 2.4.9 allows a user to set their password to all spaces. While rdiffweb has a password policy requiring passwords to be between 8 and 128 characters, it does not validate the password entropy, allowing users to bypass password…
[inventree] Inventree vulnerable to Stored Cross-site Scripting
Inventree prior to 0.8.3 is vulnerable to stored cross-site scripting by uploading SVG files. Version 0.8.3 contains a patch for this issue.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-3355
https://github.com/inventree/inventree/commit/5a08ef…
[feehi/feehicms] FeehiCMS vulnerable to Cross-Site scripting via crafted payload
FeehiCMS versions 2.0.1.1 and prior contain a cross-site scripting (XSS) vulnerability via a crafted payload injected into the Comment box under the Single Page module. There are no patches and no known workarounds for this issue.
References
https://n…
[github.com/dutchcoders/transfer.sh] Dutchcoders transfer.sh contains an XSS vulnerability via malicious file upload
dutchcoders Transfer.sh versions 1.4.0 and prior are vulnerable to Cross Site Scripting (XSS) via a malicious document uploaded in transfer.sh. There is a fix commit merged into main for this issue, but an updated version has not yet been released.
Re…
[rdiffweb] rdiffweb’s unlimited length Fullname field can lead to DoS
rdiffweb prior to 2.5.0a3 does not validate email length, allowing users to insert an email longer than 255 characters. If a user signs up with an email with a length of 1 million or more characters and logs in, withdraws, or changes their email, the s…
[matrix-js-sdk] Improper beacon events in matrix-js-sdk can result in availability issues
Impact
Improperly formed beacon events (from MSC3488) can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer’s ability to process data safely. Note that the matrix-js-sdk can appear to be operating normall…
[github.com/bytebase/bytebase] Bytebase does not restrict low-privilege users from accessing admin issues
The Bytebase application does not restrict low-privilege users from accessing admin issues, so an unauthorized user can view the OPEN and CLOSED issues created by Admin. The affected endpoint is /issue.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-…
[org.apache.tomcat:tomcat] Apache Tomcat Race Condition vulnerability
The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long-standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0…