Impact
A malicious user is able to write a crafted config file into the repository's .git directory and, in combination with a crafted file deletion, gain SSH access to the server. All installations with repository upload enabled (the default) are affected.
Patc…
[crossbeam] `MsQueue` `push`/`pop` use the wrong orderings
Affected versions of this crate use atomic memory orderings that are too weak to support this data structure.
It is likely this has caused memory corruption in the wild: https://github.com/crossbeam-rs/crossbeam/issues/97#issuecomment-412785919.
References
https:/…
[gogs.io/gogs] Cross-site Scripting vulnerability in repository issue list in Gogs
Impact
DisplayName accepts any characters from users, which leads to an XSS vulnerability when the value is displayed unescaped in the issue list.
Patches
DisplayName is sanitized before being displayed. Users should upgrade to 0.12.9 or the latest 0.13.0+dev.
Wo…
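To make the issue concrete, the following Go program (an added illustration, not Gogs' own code) renders a constructed hostile display name two ways: once by raw string interpolation, which is the vulnerable pattern, and once through html/template, whose contextual escaping keeps the name as text. The `renderIssueRow*` functions, the markup and the sample payload are assumptions made for this example.

```go
package main

import (
	"bytes"
	"fmt"
	"html/template"
	"strings"
)

// Constructed sample: a display name an attacker could set when no character
// restrictions are enforced on the field.
const hostileDisplayName = `<img src=x onerror="alert(document.cookie)">`

// renderIssueRowUnsafe mirrors the vulnerable pattern: the display name is
// spliced into HTML as a raw string, so the browser parses it as markup.
func renderIssueRowUnsafe(displayName string) string {
	return fmt.Sprintf(`<li class="issue">opened by <span class="author">%s</span></li>`, displayName)
}

// issueRowTmpl is parsed once; html/template escapes {{.}} according to the
// HTML context it appears in (here, text content inside a span).
var issueRowTmpl = template.Must(template.New("row").Parse(
	`<li class="issue">opened by <span class="author">{{.}}</span></li>`))

// renderIssueRowSafe renders the same row through html/template.
func renderIssueRowSafe(displayName string) (string, error) {
	var buf bytes.Buffer
	if err := issueRowTmpl.Execute(&buf, displayName); err != nil {
		return "", err
	}
	return buf.String(), nil
}

// containsMarkup reports whether the rendered fragment still carries an
// unescaped img tag, i.e. whether the payload would execute.
func containsMarkup(rendered string) bool {
	return strings.Contains(rendered, "<img")
}

func main() {
	unsafe := renderIssueRowUnsafe(hostileDisplayName)
	safe, err := renderIssueRowSafe(hostileDisplayName)
	if err != nil {
		panic(err)
	}
	fmt.Println("unsafe:", unsafe, "executes:", containsMarkup(unsafe))
	fmt.Println("safe:  ", safe, "executes:", containsMarkup(safe))
}
```

Escaping at render time is the robust fix because it does not depend on every input path validating the field; restricting the characters accepted at registration is a useful second layer but not a substitute.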
[gogs.io/gogs] Path Traversal in file editor on Windows in Gogs
Impact
The malicious user is able to delete and upload arbitrary file(s). All installations on Windows with repository upload enabled (default) are affected.
Patches
Path cleaning now accounts for Windows path separators. Users should upgrade to 0.12.9 or the late…
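The following Go program is an added illustration of the Windows-specific failure mode, not Gogs' actual code or fix: a traversal check written only for `/` lets `..\..\` through, because on Windows the file API also accepts `\` as a separator. `cleanRepoPath` normalizes backslashes before cleaning and rejects anything that would climb above the repository root; the function names and sample inputs are assumptions made for this example.

```go
package main

import (
	"errors"
	"fmt"
	"path"
	"strings"
)

// ErrTraversal is returned for any input that would escape the repository.
var ErrTraversal = errors.New("path escapes repository root")

// naiveIsSafe is the kind of check that works on Linux but not on Windows:
// it only knows about "/" and never sees the "..\" segments.
func naiveIsSafe(userPath string) bool {
	return !strings.Contains(userPath, "../")
}

// cleanRepoPath returns a cleaned, repository-relative path or an error.
// Backslashes are treated as separators before cleaning, absolute and
// drive-letter paths are rejected, and any cleaned result that still starts
// with ".." is a traversal attempt.
func cleanRepoPath(userPath string) (string, error) {
	p := strings.ReplaceAll(userPath, "\\", "/")
	// Absolute POSIX paths, UNC paths ("//server/share") and "C:/..." are
	// never valid repository-relative paths.
	if strings.HasPrefix(p, "/") || (len(p) >= 2 && p[1] == ':') {
		return "", ErrTraversal
	}
	cleaned := path.Clean(p) // collapses "a/../b" to "b", keeps leading ".."
	if cleaned == "." || cleaned == "" {
		return "", errors.New("empty path")
	}
	if cleaned == ".." || strings.HasPrefix(cleaned, "../") {
		return "", ErrTraversal
	}
	return cleaned, nil
}

func main() {
	// Constructed inputs: a Windows-style traversal and a benign path.
	for _, in := range []string{`..\..\etc\passwd`, "docs/../README.md", "docs/../../x"} {
		out, err := cleanRepoPath(in)
		fmt.Printf("%-22q naive-safe=%-5v cleaned=%q err=%v\n", in, naiveIsSafe(in), out, err)
	}
}
```

Using `path` rather than `path/filepath` keeps the behaviour identical on every OS; the final check against the cleaned result, rather than against the raw input, is what makes the function resistant to alternate encodings of the same traversal.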
[laravel/laravel] Unserialized Pop Chain in Laravel
Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution (RCE) via an unserialize POP chain through __destruct in Illuminate\Broadcasting\PendingBroadcast.php and __call in Faker\Generator.php.
References
h…
[noumo/easyii] Cross-Site Request Forgery in easyii CMS
A vulnerability was found in easyii CMS and has been classified as problematic. Affected is an unknown function of the file /admin/sign/out. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit…
[pocketmine/pocketmine-mp] Improperly checked IDs on itemstacks received from the client leading to server crash in PocketMine-MP
Impact
Due to a workaround for unmapped network items implemented in 4.0.0-BETA5 (8ac16345a3bc099b62c1f5cfbf3b736e621c3f76), arbitrary item IDs are able to be written into an item’s NBT. The intended purpose of this is to make said unmapped network ite…
[org.elasticsearch:elasticsearch] Improper Check for Unusual or Exceptional Conditions in Elasticsearch
A Denial of Service flaw was discovered in Elasticsearch 8.0.0 through 8.2.0. Using this vulnerability, an unauthenticated attacker could forcibly shut down an Elasticsearch node with a specifically formatted network request. Version 8.2.1 contains a p…
[jmespath] JMESPath for Ruby using JSON.load instead of JSON.parse
jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable. JSON.load enables create_additions by default, so input carrying a json_class key can cause the named class's json_create hook to run on attacker-controlled data; JSON.parse returns plain Hashes and Arrays.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-32511
https://github.com/jmespath/jmespath.rb/pull/55
https://github.com/jmespath/jmesp…
[org.jodd:jodd-http] Server-Side Request Forgery in Jodd HTTP
Jodd HTTP v6.0.9 was discovered to contain multiple CRLF injection vulnerabilities via the components jodd.http.HttpRequest#set and jodd.http.HttpRequest#send. These vulnerabilities allow attackers to execute Server-Side Request Forgery (SSRF) via a c…
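As an added illustration of what CRLF injection in an HTTP client does (this is generic Go, not Jodd's code, and the request builder, validator and sample value are assumptions for this example): a header value containing CR LF, written to the wire unvalidated, terminates the current header and the rest is parsed as further headers and even a second request, which is how a client-side injection turns into a request to a host the attacker chose. The hardened builder rejects CR, LF and NUL in names and values before serializing.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Constructed attacker input: a header value that closes the current message
// and smuggles a second request line aimed at an internal host.
const hostileHeaderValue = "example\r\nHost: internal-service\r\n\r\nGET /admin HTTP/1.1\r\nHost: internal-service"

// ErrCRLF is returned when a header name or value carries a line terminator.
var ErrCRLF = errors.New("header contains CR, LF or NUL")

// buildRequestUnsafe writes headers to the wire format without validation,
// so an embedded CR LF splits the message exactly as the attacker laid it out.
func buildRequestUnsafe(method, target, host string, headers map[string]string) string {
	var b strings.Builder
	fmt.Fprintf(&b, "%s %s HTTP/1.1\r\nHost: %s\r\n", method, target, host)
	for k, v := range headers {
		fmt.Fprintf(&b, "%s: %s\r\n", k, v)
	}
	b.WriteString("\r\n")
	return b.String()
}

// validHeaderField enforces that neither name nor value contains a bare
// line terminator or NUL, which RFC 7230 forbids inside a field.
func validHeaderField(name, value string) error {
	if strings.ContainsAny(name, "\r\n\x00") || strings.ContainsAny(value, "\r\n\x00") {
		return ErrCRLF
	}
	return nil
}

// buildRequestSafe is the hardened counterpart: every field is validated
// before anything is written to the wire.
func buildRequestSafe(method, target, host string, headers map[string]string) (string, error) {
	for k, v := range headers {
		if err := validHeaderField(k, v); err != nil {
			return "", err
		}
	}
	return buildRequestUnsafe(method, target, host, headers), nil
}

// countRequestLines reports how many request lines the serialized bytes
// contain; a well-formed single request yields exactly one.
func countRequestLines(wire string) int {
	n := 0
	for _, line := range strings.Split(wire, "\r\n") {
		if strings.HasSuffix(line, " HTTP/1.1") {
			n++
		}
	}
	return n
}

func main() {
	hdrs := map[string]string{"X-Custom": hostileHeaderValue}
	wire := buildRequestUnsafe("GET", "/", "target.example", hdrs)
	fmt.Printf("unsafe builder produced %d request line(s):\n%s", countRequestLines(wire), wire)
	if _, err := buildRequestSafe("GET", "/", "target.example", hdrs); err != nil {
		fmt.Println("safe builder rejected input:", err)
	}
}
```

Go's own net/http already refuses such values, so the unsafe builder is a stand-in for any hand-rolled or lenient client; the point is that validation must happen where user data meets the wire encoding.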