MODERATE

A race condition can cause incorrect HTTP request routing.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-2583
https://github.com/ntbosscher/gobase/commit/a8d40bce9c429d324122d18c446924dab809e812
https://pkg.go.dev/vuln/GO-2022-0400
https://gith…

CSRF tokens are generated using math/rand, which is not a cryptographically secure rander number generation, making predicting their values relatively trivial and allowing an attacker to bypass CSRF protections which relatively few requests.
References…

The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. This hash can be used to brute force the plaintext, if the hash is readable to the attacker. AWS now blocks this metadata field, but older SD…

Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-3064
https://github.com/go-yaml/yaml/commit/f221b8435cfb71e54062f6c6e99e9ade30b124d5
https://github.com/go-y…

A vulnerability classified as problematic has been found in nsupdate.info. This affects an unknown part of the file src/nsupdate/settings/base.py of the component CSRF Cookie Handler. The manipulation of the argument CSRF_COOKIE_HTTPONLY leads to cooki…

usememos/memos 0.9.0 and prior has endpoint that leaks user information like names, email, role, and OpenID to an authenticated user. A patch is available at commit 05b41804e33a34102f1f75bb2d69195dda6a1210 on the main branch.
References

https://nvd.ni…

Cross-site Scripting (XSS) – Stored in GitHub repository usememos/memos prior to 0.9.0.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-4695
https://github.com/usememos/memos/commit/65cc19c12efa392f792f6bb154b4838547e0af5e
https://huntr.dev/bount…

Cross-site Scripting (XSS) – Stored in GitHub repository usememos/memos prior to 0.9.0.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-4694
https://github.com/usememos/memos/commit/65cc19c12efa392f792f6bb154b4838547e0af5e
https://huntr.dev/bount…

Cross-site Scripting (XSS) – Stored in GitHub repository usememos/memos prior to 0.9.0.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-4691
https://github.com/usememos/memos/commit/c07b4a57caa89905e54b800f4d8fb720bbf5bf82
https://huntr.dev/bount…

A vulnerability was found in AWS SDK 2.59.0. It has been rated as critical. This issue affects the function XpathUtils of the file aws-android-sdk-core/src/main/java/com/amazonaws/util/XpathUtils.java of the component XML Parser. The manipulation leads…