Impact
Under some circumstances, the Feeds widget on the dashboard could have an XSS vulnerability if a malformed feed was supplied.
Patches
This has been patched in Craft 3.7.29.
References
https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#37…
Impact
The default value for the CORS_ENABLED and CORS_ORIGIN configuration was set to be very permissive by default. This could lead to unauthorized access in uncontrolled environments when the configuration hasn’t been changed.
Patches
The default va…
Impact
Unauthorized JavaScript can be executed by inserting an iframe into the rich text html interface that links to a file uploaded HTML file that loads another uploaded JS file in its script tag. This satisfies the regular content security policy he…
Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter server logs by default. Considering these logs do not require root access, an attacker can monitor these logs, steal sensitive auth/cookie information, an…
NOTE: A previous patch, 1.4.2, fixed the heap memory issue, but could still lead to a DoS infinite loop. Please update to version 1.4.3
The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to subsequent heap memory corrupti…
There is a Directory traversal vulnerability in Caucho Resin, as distributed in Resin 4.0.52 – 4.0.56, which allows remote attackers to read files in arbitrary directories via a ; in a pathname within an HTTP request.
References
https://nvd.nist.gov/v…
Subrion is an open source php content management system. A Remiote Code Execution (RCE) vulnerability exiss in Subrion CMS 4.2.1 via modified code in a background field; when the information is modified, the data in it will be executed through eval().
…
When parsing a URL without a scheme and with excessive slashes, like ///www.example.com, URI.js will parse the hostname as null and the path as /www.example.com.
Such behaviour is different from that exhibited by browsers, which will parse ///www.examp…
Impact
bytestrings can have dirty bytes in them, resulting in the word-for-word comparison to give incorrect results, e.g.
b1: Bytes[32] = b”abcdef”
b1 = slice(b1, 0, 1)
b2: Bytes[32] = b”abcdef”
t: bool = b1 == b2 # incorrectly evaluates to True
eve…
The Twisted Web HTTP 1.1 server, located in the twisted.web.http module, parsed several HTTP request constructs more leniently than permitted by RFC 7230:
The Content-Length header value could have a + or – prefix.
Illegal characters were permitted in…
