GitHub

MCMS v5.2.7 contains a Cross-Site Request Forgery (CSRF) via /role/saveOrUpdateRole.do. This vulnerability allows attackers to escalate privileges and modify data.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-27340
https://github.com/UDKI11/vu…

A command injection vulnerability exists in git-interface in the GitHub repository yarkeev/git-interface prior to 2.1.2. If both the git remote and destination directory are provided by user input, then the use of an –upload-pack command-line argument…

Impact
Permissions set to sales channel context by admin-api are still useable within normal user session
Patches
We recommend updating to the current version 6.4.10.1. You can get the update to 6.4.10.1 regularly via the Auto-Updater or directly via t…

Impact
The attacker can abuse the Admin SDK functionality on the server to read or update internal resources.
Patches
We recommend updating to the current version 6.4.10.1. You can get the update to 6.4.10.1 regularly via the Auto-Updater or directly …

When an inventory interaction is performed (e.g. moving an item around an inventory), the client sends a serialized version of the itemstack to the server, which the server then deserializes and compares against its own copy. If the copies don’t match,…

Impact
Allows an attacker to perform a DOS attack consisting of memory exhaustion on the host system.
Patches
Yes. Please upgrade to v1.2.6.
Workarounds
A workaround is to restrict the path prefix to the “GET” method. As shown below
func main() {
r…

Impact
An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop if the PyPDF2 user wrote the following code:
from PyPDF2 import PdfFileReader, PdfFileWriter
from PyPDF2.pdf import ContentStream

reader = PdfFileReader(“ma…

next-auth v3 users before version 3.29.2 are impacted. (We recommend upgrading to v4 in most cases. See our migration guide).next-auth v4 users before version 4.3.2 are impacted. Upgrading to 3.29.2 or 4.3.2 will patch this vulnerability. If you are no…

Impact
django-mfa3 is a library that implements multi factor authentication for the django web framework. It achieves this by modifying the regular login view. Django however has a second login view for its admin area. This second login view was not mo…

Impact
A bug was found in CRI-O where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabiliti…