Description
An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from user-s…
[static-dev-server] static-dev-server vulnerable to path traversal
This affects all versions of package static-dev-server. This is because when paths from users to the root directory are joined, the assets for the path accessed are relative to that of the root directory. There is currently no known workaround or fix f…
[phpxmlrpc/phpxmlrpc] code injection in phpxmlrpc/phpxmlrpc
Code injection in Wrapper::buildClientWrapperCode via manipulation of the $client argument. It was possible to force the client to access local files or connect to undesired URLs instead of the intended target server's URL.
References
https://github.c…
[qs] qs vulnerable to Prototype Pollution
qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an `__proto__` key can be used. In many typical Express use cases, an unauthenticated remote attacker…
[spatie/browsershot] Browsershot does not validate URL protocols passed to Browsershot URL method
Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the URL protocol passed to the Browsershot::url method.
References
https://nvd.nist.gov/vuln/de…
[microweber/microweber] Account Takeover Through Password Reset Poisoning
Microweber 1.2.15 was discovered to allow attackers to perform an account takeover via a host header injection attack.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-33012
https://blog.jitendrapatro.me/cve-2022-33012-account-takeover-through-pas…
[apache-airflow] OS Command Injection in Apache Airflow
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access…
[apache-airflow] OS Command Injection in Apache Airflow
Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write acces…
[ckan] CKAN contains Improper Authentication leading to account takeover
CKAN through 2.9.6 allows account takeovers by unauthenticated users when an existing user id is sent via an HTTP POST request. This allows a user to take over an existing account, including superuser accounts.
References
https://nvd.nist.gov/vuln/detail/CVE-…
[org.testng:testng] TestNG is vulnerable to Path Traversal
A vulnerability was found in cbeust testng. It has been declared as critical. Affected by this vulnerability is the function testngXmlExistsInJar of the file testng-core/src/main/java/org/testng/JarFileUtils.java of the component XML File Parser. The m…