Advisories

Dec 2021

Code injection via unsafe YAML loading

Sockeye uses YAML to store model and data configurations on disk. Versions below 2.3.24 use unsafe YAML loading, which can be made to execute arbitrary code embedded in config files. An attacker can add malicious code to the config file of a trained model and attempt to convince users to download and run it. If users run the model, the embedded code will run locally.

Use of a Broken or Risky Cryptographic Algorithm

Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42 contain a possible cross-site scripting (XSS) vulnerability in the Blade templating engine. A broken HTML element may be clicked and the user taken to another location in their browser due to XSS. This is due to the user being able to guess the parent placeholder SHA-1 hash by trying common names of sections. If the parent …

Local Code Execution through Argument Injection via dash leading git url parameter in Gemfile.

In bundler versions before 2.2.33, when working with untrusted and apparently harmless Gemfile's, it is not expected that they lead to execution of external code, unless that's explicit in the ruby code inside the Gemfile itself. However, if the Gemfile includes gem entries that use the git option with invalid, but seemingly harmless, values with a leading dash, this can be false. To handle dependencies that come from a Git …

Improper Privilege Management

A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious file to an application running with the APM Java agent. Using this vector, a malicious or compromised user account could use the agent to run commands at a higher level of permissions than they possess. This vulnerability affects users that have set up the agent via the attacher …

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Laravel is a web application framework. Laravel contain a possible cross-site scripting (XSS) vulnerability in the Blade templating engine. A broken HTML element may be clicked and the user taken to another location in their browser due to XSS. This is due to the user being able to guess the parent placeholder SHA-1 hash by trying common names of sections. If the parent template contains an exploitable HTML structure an …

Exposure of Sensitive Information to an Unauthorized Actor

Grafana Agent is a telemetry collector for sending metrics, logs, and trace data to the opinionated Grafana observability stack., inline secrets defined within a metrics instance config are exposed in plaintext over two endpoints: metrics instance configs defined in the base YAML file are exposed at /-/config and metrics instance configs defined for the scraping service are exposed at /agent/api/v1/configs/:key. Inline secrets will be exposed to anyone being able to …

Integer Overflow or Wraparound

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the C portion of the code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit …

Inefficient Regular Expression Complexity

Solidus is a free, open-source ecommerce platform built on Rails.If a prompt upgrade is not an option, a workaround is available. It is possible to edit the file config/application.rb manually (with code provided by the maintainers in the GitHub Security Advisory) to check email validity.

Improper Access Control

The devise_masquerade gem allows certain attacks when a password's salt is unknown. An application that uses this gem to let administrators masquerade/impersonate users loses one layer of security protection compared to a situation where Devise (without this extension) is used. If the server-side secret_key_base value became publicly known (for instance if it is committed to a public repository by mistake), there are still other protections in place that prevent an …

Exposure of Sensitive Information to an Unauthorized Actor

An issue was discovered in Couchbase Sync Gateway The bucket credentials used to read and write data in Couchbase Server were insecurely being stored in the metadata within sync documents written to the bucket. Users with read access could use these credentials to obtain write access. (This issue does not affect clusters where Sync Gateway is authenticated with X.509 client certificates. This issue also does not affect clusters where shared …

Permissions not properly checked in Invenio-Drafts-Resources

Invenio-Drafts-Resources does not properly check permissions when a record is published. The vulnerability is exploitable in a default installation of InvenioRDM. An authenticated user is able via REST API calls to publish draft records of other users if they know the record identifier and the draft validates (e.g. all require fields filled out). An attacker is not able to modify the data in the record, and thus e.g. cannot change …

Permissions not properly checked in Invenio-Drafts-Resources

Invenio-Drafts-Resources does not properly check permissions when a record is published. The vulnerability is exploitable in a default installation of InvenioRDM. An authenticated user is able via REST API calls to publish draft records of other users if they know the record identifier and the draft validates (e.g. all require fields filled out). An attacker is not able to modify the data in the record, and thus e.g. cannot change …

Permissions not properly checked in Invenio-Drafts-Resources

Invenio-Drafts-Resources does not properly check permissions when a record is published. The vulnerability is exploitable in a default installation of InvenioRDM. An authenticated user is able via REST API calls to publish draft records of other users if they know the record identifier and the draft validates (e.g. all require fields filled out). An attacker is not able to modify the data in the record, and thus e.g. cannot change …

Integer Overflow or Wraparound

runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the C portion of the code (responsible for the based namespace setup of containers). In all versions of runc, the encoder does not handle the possibility of an integer overflow in the length field for the …

Cross-site Scripting in python-cjson

Python-cjson 1.0.5 does not properly handle a ['/'] argument to cjson.encode, which makes it easier for remote attackers to conduct certain cross-site scripting (XSS) attacks involving Firefox and the end tag of a SCRIPT element.

Code injection in FreeIPA

A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function ber_scanf() was used in some components of the IPA server, which parsed kerberos key data. An unauthenticated attacker who could trigger parsing of the krb principal key could cause the IPA server to crash or in some conditions, cause arbitrary code to …

Code injection in FreeIPA

A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function ber_scanf() was used in some components of the IPA server, which parsed kerberos key data. An unauthenticated attacker who could trigger parsing of the krb principal key could cause the IPA server to crash or in some conditions, cause arbitrary code to …

Cross-site Scripting in CKAN

In CKAN, versions 2.9.0 to 2.9.3 are affected by a stored XSS vulnerability via SVG file upload of users’ profile picture. This allows low privileged application users to store malicious scripts in their profile picture. These scripts are executed in a victim’s browser when they open the malicious profile picture

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Armeria is an open source microservice framework. In affected versions an attacker can access an Armeria server's local file system beyond its restricted directory by sending an HTTP request whose path contains %2F (encoded /), such as /files/..%2Fsecrets.txt, bypassing Armeria's path validation logic. Armeria 1.13.4 or above contains the hardened path validation logic that handles %2F properly. This vulnerability can be worked around by inserting a decorator that performs an …

Cross-site Scripting in django-wiki

In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cross-Site Scripting (XSS) in Notifications Section. An attacker who has access to edit pages can inject JavaScript payload in the title field. When a victim gets a notification regarding the changes made in the application, the payload in the notification panel renders and loads external JavaScript.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Backstage is an open platform for building developer portals.This attack can potentially allow the attacker to exfiltrate access tokens or other secrets from the user's browser. The default CSP does prevent this attack, but it is expected that some deployments have these policies disabled due to incompatibilities. This is vulnerability is patched in version 0.4.9 of @backstage/plugin-auth-backend.

Nov 2021

Use After Free in lucet

Lucet uses a "pool" allocator for new WebAssembly instances that are created. This pool allocator manages everything from the linear memory of the wasm instance, the runtime stack for async switching, as well as the memory behind the Instance itself. Instances are referred to via an InstanceHandle type which will, on drop, release the memory backing the Instance back to the pool. When an Instance is dropped, the fields of …

Improper Neutralization of Formula Elements in a CSV File

This affects all versions of package html-to-csv. When there is a formula embedded in a HTML page, it gets accepted without any validation and the same would be pushed while converting it into a CSV file. Through this a malicious actor can embed or generate a malicious link or execute commands via CSV files.

ReDoS in LDAP schema parser

https://github.com/python-ldap/python-ldap/issues/424 Impact The LDAP schema parser of python-ldap are vulnerable to a regular expression denial-of-service attack. The issue affects clients that use ldap.schema package to parse LDAP schema definitions from an untrusted source. Patches The upcoming release of python-ldap will contain a workaround to prevent ReDoS attacks. The schema parser refuses schema definitions with an excessive amount of backslashes. Workarounds As a workaround, users can check input for excessive amount …

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

A malicious actor with write access to a registered scaffolder template is able to manipulate the template in a way that writes files to arbitrary paths on the scaffolder-backend host instance. This vulnerability can in some situation also be exploited through user input when executing a template, meaning you do not need write access to the templates. This method will not allow the attacker to control the contents of the …

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

There is a Potential Zip Slip Vulnerability and OS Command Injection Vulnerability on the management system of baserCMS. Users with permissions to upload files may upload crafted zip files which may execute arbitrary commands on the host operating system. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. If you are eligible, please update to the new version …

Session Fixation

Symfony/SecurityBundle is the security system for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Since the rework of the Remember me cookie, the cookie is not invalidated when the user changes their password. Attackers can therefore maintain their access to the account even if the password is changed as long as they have had the chance to login once and get a …

Session Fixation

Symfony/SecurityBundle is the security system for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Since the rework of the Remember me cookie, the cookie is not invalidated when the user changes their password. Attackers can therefore maintain their access to the account even if the password is changed as long as they have had the chance to login once and get a …

Session Fixation

Symfony/SecurityBundle is the security system for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Since the rework of the Remember me cookie, the cookie is not invalidated when the user changes their password. Attackers can therefore maintain their access to the account even if the password is changed as long as they have had the chance to login once and get a …

Session Fixation

Symfony/SecurityBundle is the security system for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Since the rework of the Remember me cookie, the cookie is not invalidated when the user changes their password. Attackers can therefore maintain their access to the account even if the password is changed as long as they have had the chance to login once and get a …

Incorrect Authorization

Improper access control in Management screen of EC-CUBE 2 series allows a remote authenticated attacker to bypass access restriction and to alter System settings via unspecified vectors.

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

Symfony/Http-Kernel is the HTTP kernel component for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Headers that are not part of the trusted_headers allowed list are ignored and protect users from Cache poisoning attacks. In Symfony, maintainers added support for the X-Forwarded-Prefix headers, but this header was accessible in SubRequest, even if it was not part of the trusted_headers allowed list. An …

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

Symfony/Http-Kernel is the HTTP kernel component for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Headers that are not part of the trusted_headers allowed list are ignored and protect users from Cache poisoning attacks. In Symfony, maintainers added support for the X-Forwarded-Prefix headers, but this header was accessible in SubRequest, even if it was not part of the trusted_headers allowed list. An …

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

Symfony/Http-Kernel is the HTTP kernel component for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Headers that are not part of the trusted_headers allowed list are ignored and protect users from Cache poisoning attacks. In Symfony, maintainers added support for the X-Forwarded-Prefix headers, but this header was accessible in SubRequest, even if it was not part of the trusted_headers allowed list. An …

Improper Neutralization of Formula Elements in a CSV File

Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Symfony is vulnerable to CSV injection, also known as formula injection. In Symfony, maintainers added the opt-in csv_escape_formulas option in the CsvEncoder, to prefix all cells starting with =, +, - or @ with a tab \t. Since then, OWASP added 2 chars in that list, …

Improper Neutralization of Formula Elements in a CSV File

Symfony/Serializer handles serializing and deserializing data structures for Symfony, a PHP framework for web and console applications and a set of reusable PHP components. Symfony is vulnerable to CSV injection, also known as formula injection. In Symfony, maintainers added the opt-in csv_escape_formulas option in the CsvEncoder, to prefix all cells starting with =, +, - or @ with a tab \t. Since then, OWASP added 2 chars in that list: …

Improper certificate management in AWS IoT Device SDK v2

Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.3.3), Python (versions prior to 1.5.18), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.1) did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities (CA) in their trust stores on Windows. This issue has been addressed in aws-c-io submodule versions 0.9.13 onward. This issue affects: Amazon Web Services AWS IoT …

Improper certificate management in AWS IoT Device SDK v2

The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on macOS systems. Additionally, SNI validation is also not enabled when the CA has been "overridden". TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system’s default trust-store. Attackers with access to a host’s …

Improper certificate management in AWS IoT Device SDK v2

The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on Unix systems. TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system’s default trust-store. Attackers with access to a host’s trust stores or are able to compromise a certificate authority already in the …

Improper certificate management in AWS IoT Device SDK v2

Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.3.3), Python (versions prior to 1.5.18), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.1) did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities (CA) in their trust stores on Windows. This issue has been addressed in aws-c-io submodule versions 0.9.13 onward. This issue affects: Amazon Web Services AWS IoT …

Improper certificate management in AWS IoT Device SDK v2

Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.4.2), Python (versions prior to 1.6.1), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.3) did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities (CA) in their trust stores on MacOS. This issue has been addressed in aws-c-io submodule versions 0.10.5 onward. This issue affects: Amazon Web Services AWS IoT …

Improper certificate management in AWS IoT Device SDK v2

The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on Unix systems. TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system’s default trust-store. Attackers with access to a host’s trust stores or are able to compromise a certificate authority already in the …

Improper certificate management in AWS IoT Device SDK v2

Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.3.3), Python (versions prior to 1.5.18), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.1) did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities (CA) in their trust stores on Windows. This issue has been addressed in aws-c-io submodule versions 0.9.13 onward. This issue affects: Amazon Web Services AWS IoT …

Improper certificate management in AWS IoT Device SDK v2

The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on Unix systems. TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system’s default trust-store. Attackers with access to a host’s trust stores or are able to compromise a certificate authority already in the …

Improper certificate management in AWS IoT Device SDK v2

The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on macOS systems. Additionally, SNI validation is also not enabled when the CA has been "overridden". TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system’s default trust-store. Attackers with access to a host’s …

Improper certificate management in AWS IoT Device SDK v2

The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on macOS systems. Additionally, SNI validation is also not enabled when the CA has been "overridden". TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system’s default trust-store. Attackers with access to a host’s …

Improper certificate management in AWS IoT Device SDK v2

Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.4.2), Python (versions prior to 1.6.1), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.3) did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities (CA) in their trust stores on MacOS. This issue has been addressed in aws-c-io submodule versions 0.10.5 onward. This issue affects: Amazon Web Services AWS IoT …

Improper certificate management in AWS IoT Device SDK v2

Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.4.2), Python (versions prior to 1.6.1), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.3) did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities (CA) in their trust stores on MacOS. This issue has been addressed in aws-c-io submodule versions 0.10.5 onward. This issue affects: Amazon Web Services AWS IoT …

Server-Side Request Forgery (SSRF)

Concrete CMS (formerly concrete5) versions below 8.5.7 has a SSRF mitigation bypass using DNS Rebind attack giving an attacker the ability to fetch cloud IAAS (ex AWS) IAM keys.To fix this Concrete CMS no longer allows downloads from the local network and specifies the validated IP when downloading rather than relying on DNS.Discoverer: Adrian Tiron from FORTBRIDGE ( https://www.fortbridge.co.uk/ )The Concrete CMS team gave this a CVSS 3.1 score of …

Server-Side Request Forgery (SSRF)

Concrete CMS (formerly concrete5) versions 8.5.6 and below and version 9.0.0 allow local IP importing causing the system to be vulnerable toa. SSRF attacks on the private LAN servers by reading files from the local LAN. An attacker can pivot in the private LAN and exploit local network appsandb. SSRF Mitigation Bypass through DNS RebindingConcrete CMS security team gave this a CVSS score of 3.5 AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:NConcrete CMS is maintaining Concrete …

Path traversal in Matrix Synapse

Synapse is a package for Matrix homeservers written in Python 3/Twisted. The last 2 directories and file name of the path are chosen randomly by Synapse and cannot be controlled by an attacker, which limits the impact. Homeservers with the media repository disabled are unaffected. Homeservers with a federation allowlist are also unaffected, since Synapse will check the remote hostname, including the trailing ../s, against the allowlist. Server administrators using …

Improper Privilege Management

Privilege escalation from Editor to Admin using Groups in Concrete CMS versions 8.5.6 and below. If a group is granted "view" permissions on the bulkupdate page, then users in that group can escalate to being an administrator with a specially crafted curl. Fixed by adding a check for group permissions before allowing a group to be moved. Concrete CMS Security team CVSS scoring: 7.1 AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:HCredit for discovery: "Adrian Tiron from …

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

A bypass of adding remote files in Concrete CMS (previously concrete5) File Manager leads to remote code execution in Concrete CMS (concrete5) versions 8.5.6 and below.The external file upload feature stages files in the public directory even if they have disallowed file extensions. They are stored in a directory with a random name, but it's possible to stall the uploads and brute force the directory name. You have to be …

Improper Control of Generation of Code ('Code Injection')

Applications using both spring-cloud-netflix-hystrix-dashboard and spring-boot-starter-thymeleaf expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at /hystrix/monitor;[user-provided data], the path elements following hystrix/monitor are being evaluated as SpringEL expressions, which can lead to code execution.

Improper Certificate Validation

The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on Unix systems. TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system’s default trust-store. Attackers with access to a host’s trust stores or are able to compromise a certificate authority already in the …

Improper Certificate Validation

Connections initialized by the AWS IoT Device SDK v2 for Java, Python , C++ and Node.js does not verify server certificate hostname during TLS handshake when overriding Certificate Authorities (CA) in their trust stores on Windows. This issue has been addressed in aws-c-io submodule onward. This issue affects: Amazon Web Services AWS IoT Device SDK v2 for Java on Microsoft Windows. Amazon Web Services AWS IoT Device SDK v2 for …

Improper Certificate Validation

The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on macOS systems. Additionally, SNI validation is also not enabled when the CA has been “overridden”. TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system’s default trust-store. Attackers with access to a host’s …

Improper Certificate Validation

Connections initialized by the AWS IoT Device SDK v2 for Java, Python , C++ and Node.js does not verify server certificate hostname during TLS handshake when overriding Certificate Authorities (CA) in their trust stores on MacOS. This issue has been addressed in aws-c-io submodule onward. This issue affects: Amazon Web Services AWS IoT Device SDK v2 for Java on macOS. Amazon Web Services AWS IoT Device SDK v2 for Python …

Authorization Bypass Through User-Controlled Key

In Concrete CMS (formerly concrete 5) below 8.5.7, IDOR Allows Unauthenticated User to Access Restricted Files If Allowed to Add Message to a Conversation.To remediate this, a check was added to verify a user has permissions to view files before attaching the files to a message in "add / edit message”.Concrete CMS security team gave this a CVSS v3.1 score of 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NCredit for discovery Adrian H

Authorization Bypass Through User-Controlled Key

Unauthorized individuals could view password protected files using view_inline in Concrete CMS (previously concrete 5) prior to version 8.5.7. Concrete CMS now checks to see if a file has a password in view_inline and, if it does, the file is not rendered.For version 8.5.6, the following mitigations were put in place a. restricting file types for view_inline to images only b. putting a warning in the file manager to advise …

Arbitrary file reading vulnerability in Aim

A path traversal attack aims to access files and directories that are stored outside the web root folder. By manipulating variables that reference files with “dot-dot-slash (../)” sequences and its variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system including application source code or configuration and critical system files.

Use of a Broken or Risky Cryptographic Algorithm

Functions SDK for EdgeX is meant to provide all the plumbing necessary for developers to get started in processing/transforming/exporting data out of the EdgeX IoT platform. The app-functions-sdk exports an “aes” transform that user scripts can optionally call to encrypt data in the processing pipeline. No decrypt function is provided. Encryption is not enabled by default, but if used, the level of protection may be less than the user may …

Use of a Broken or Risky Cryptographic Algorithm

Functions SDK for EdgeX is meant to provide all the plumbing necessary for developers to get started in processing/transforming/exporting data out of the EdgeX IoT platform. The app-functions-sdk exports an “aes” transform that user scripts can optionally call to encrypt data in the processing pipeline. No decrypt function is provided. Encryption is not enabled by default, but if used, the level of protection may be less than the user may …

Use of a Broken or Risky Cryptographic Algorithm

Functions SDK for EdgeX is meant to provide all the plumbing necessary for developers to get started in processing/transforming/exporting data out of the EdgeX IoT platform. The app-functions-sdk exports an “aes” transform that user scripts can optionally call to encrypt data in the processing pipeline. No decrypt function is provided. Encryption is not enabled by default, but if used, the level of protection may be less than the user may …

Improper Preservation of Permissions in github.com/cloudflare/cfrpki/cmd/octorpki

Impact When copying files with rsync, octorpki uses the "-a" flag 0, which forces rsync to copy binaries with the suid bit set as root. Since the provided service definition defaults to root (https://github.com/cloudflare/cfrpki/blob/master/package/octorpki.service) this could allow for a vector, when combined with another vulnerability that causes octorpki to process a malicious TAL file, for a local privilege escalation. For more information If you have any questions or comments about …

Improper Preservation of Permissions in github.com/cloudflare/cfrpki/cmd/octorpki

When copying files with rsync, octorpki uses the "-a" flag 0, which forces rsync to copy binaries with the suid bit set as root. Since the provided service definition defaults to root (https://github.com/cloudflare/cfrpki/blob/master/package/octorpki.service) this could allow for a vector, when combined with another vulnerability that causes octorpki to process a malicious TAL file, for a local privilege escalation.

Spree Auth Devise vulnerability allows for authentication bypass through CSRF weakness

CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of spree_auth_devise are affected if protect_from_forgery method is both: Executed whether as: A before_action callback (the default) A prepend_before_action (option prepend: true given) before the :load_object hook in Spree::UserController (most likely order to find). Configured to use :null_session or :reset_session strategies (:null_session is the default in case the no strategy is given, but rails …

Duplicate Advisory: Authentication Bypass by CSRF Weakness

CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of spree_auth_devise are affected if protect_from_forgery method is both: Executed whether as: A before_action callback (the default) A prepend_before_action (option prepend: true given) before the :load_object hook in Spree::UserController (most likely order to find). Configured to use :null_session or :reset_session strategies (:null_session is the default in case the no strategy is given, but rails …

Duplicate Advisory: Authentication Bypass by CSRF Weakness

CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of spree_auth_devise are affected if protect_from_forgery method is both: Executed whether as: A before_action callback (the default) A prepend_before_action (option prepend: true given) before the :load_object hook in Spree::UserController (most likely order to find). Configured to use :null_session or :reset_session strategies (:null_session is the default in case the no strategy is given, but rails …

Duplicate Advisory: Authentication Bypass by CSRF Weakness

CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of spree_auth_devise are affected if protect_from_forgery method is both: Executed whether as: A before_action callback (the default) A prepend_before_action (option prepend: true given) before the :load_object hook in Spree::UserController (most likely order to find). Configured to use :null_session or :reset_session strategies (:null_session is the default in case the no strategy is given, but rails …

Clarify `mediaType` handling

Impact In the OCI Image Specification version 1.0.1 and prior, manifest and index documents are not self-describing and documents with a single digest could be interpreted as either a manifest or an index. Patches The Image Specification will be updated to recommend that both manifest and index documents contain a mediaType field to identify the type of document.

Authentication Bypass by CSRF Weakness

Impact The actual vulnerability has been discovered on solidus_auth_devise. See GHSA-xm34-v85h-9pg2 for details. The security advisory here exists to provide an extra layer of security in the form of a monkey patch for users who don't update solidus_auth_devise. For this reason, it has been marked as low impact on this end. Patches For extra security, update solidus_core to versions 3.1.3, 3.0.3 or 2.11.12. Workarounds Look at the workarounds described at …

Access of Resource Using Incompatible Type ('Type Confusion')

The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operations. Documents that contain both “manifests” and “layers” fields could be interpreted as either a manifest or an index in the absence of an accompanying Content-Type header. If …

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result in executing JavaScript code. It affects all users using the CKEditor 4 at version < 4.17.0. The problem has been recognized and patched. The fix …

Cross-Site Request Forgery (CSRF)

Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. Due to improperly configured CSRF protections on two routes, a malicious user could execute a CSRF-based attack against the following endpoints: Sending a test email and Generating a node auto-deployment token. At no point would any data be exposed to the malicious user, this would simply trigger email spam to an administrative user, or generate …

Cross-Site Request Forgery (CSRF)

solidus_auth_devise provides authentication services for the Solidus webstore framework, using the Devise gem.Configured to use :null_session or :reset_session strategies (:null_session is the default in case the no strategy is given, but rails –new generated skeleton use :exception).

Insufficient Session Expiration

In ArangoDB, suffers from an Insufficient Session Expiration vulnerability. When a user’s password is changed by the administrator, the session isn’t invalidated, allowing a malicious user to still be logged in and perform arbitrary actions within the system.

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Doctrine DBAL 3.x before 3.1.4 allows SQL Injection. The escaping of offset and length inputs to the generation of a LIMIT clause was not probably cast to an integer, allowing SQL injection to take place if application developers passed unescaped user input to the DBAL QueryBuilder or any other API that ultimately uses the AbstractPlatform::modifyLimitQuery API.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Kirby is an open source file structured CMS ### Impact Kirby's writer field stores its formatted content as HTML code. Unlike with other field types, it is not possible to escape HTML special characters against cross-site scripting (XSS) attacks, otherwise the formatting would be lost. If the user is logged in to the Panel, a harmful script can for example trigger requests to Kirby's API with the permissions of the …

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Kirby is an open source file structured CMS. In affected versions Kirby's blocks field stores structured data for each block. This data is then used in block snippets to convert the blocks to HTML for use in your templates. We recommend to escape HTML special characters to protect against cross-site scripting (XSS) attacks. The default snippet for the image block unfortunately did not use our escaping helper. This made it …

Improper Input Validation in fruity

Methods of NSString for conversion to a string may return a partial result. Since they call CStr::from_ptr on a pointer to the string buffer, the string is terminated at the first null byte, which might not be the end of the string. In addition to the vulnerable functions listed for this issue, the implementations of Display, PartialEq, PartialOrd, and ToString for NSString are also affected, since they call those functions. …

Cross-Site Request Forgery (CSRF)

PiranhaCMS is vulnerable to cross-site request forgery (CSRF) when performing various actions supported by the management system, such as deleting a user, deleting a role, editing a post, deleting a media folder etc., when an ID is known.

Missing Authentication for Critical Function

Minio console is a graphical user interface for the for MinIO operator.Users unable to upgrade should add automountServiceAccountToken: false to the operator-console deployment in Kubernetes so no service account token will get mounted inside the pod, then disable the external identity provider authentication by unset the CONSOLE_IDP_URL, CONSOLE_IDP_CLIENT_ID, CONSOLE_IDP_SECRET and CONSOLE_IDP_CALLBACK environment variable and instead use the Kubernetes service account token.

Improper Input Validation in pip

A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.

Exposure of Sensitive Information to an Unauthorized Actor

rails_multisite provides multi-db support for Rails applications.Depending on how the application makes use of these cookies, it may be possible for an attacker to re-use cookies on different 'sites' within a multi-site Rails application. The issue has been patched in v4 of the rails_multisite gem. Note that this upgrade will invalidate all previous signed/encrypted cookies. The impact of this invalidation will vary based on the application architecture.

Exposure of Sensitive Information to an Unauthorized Actor

An issue was discovered in the jobfair (aka Job Fair) extension before 1.0.13 and 2.x before 2.0.2 for TYPO3. The extension fails to protect or obfuscate filenames of uploaded files. This allows unauthenticated users to download files with sensitive data by simply guessing the filename of uploaded files (e.g., uploads/tx_jobfair/cv.pdf).

ERC1155Supply vulnerability in OpenZeppelin Contracts

When ERC1155 tokens are minted, a callback is invoked on the receiver of those tokens, as required by the spec. When including the ERC1155Supply extension, total supply is not updated until after the callback, thus during the callback the reported total supply is lower than the real number of tokens in circulation. Impact If a system relies on accurately reported supply, an attacker may be able to mint tokens and …

ERC1155Supply vulnerability in OpenZeppelin Contracts

When ERC1155 tokens are minted, a callback is invoked on the receiver of those tokens, as required by the spec. When including the ERC1155Supply extension, total supply is not updated until after the callback, thus during the callback the reported total supply is lower than the real number of tokens in circulation. Impact If a system relies on accurately reported supply, an attacker may be able to mint tokens and …

Unrestricted Upload of File with Dangerous Type

Laravel Framework does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. Note, this CVE Record is for Laravel Framework, and is unrelated to any reports concerning incorrectly written user applications for image upload.

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

kustomize-controller is a Kubernetes operator, specialized in running continuous delivery pipelines for infrastructure and workloads defined with Kubernetes manifests and assembled with Kustomize. Users that can create Kubernetes Secrets, Service Accounts and Flux Kustomization objects, could execute commands inside the kustomize-controller container by embedding a shell script in a Kubernetes Secret. This can be used to run kubectl commands under the Service Account of kustomize-controller, thus allowing an authenticated Kubernetes …

Uncontrolled Resource Consumption

OctoRPKI does not limit the length of a connection, allowing for a slowloris DoS attack to take place which makes OctoRPKI wait forever. Specifically, the repository that OctoRPKI sends HTTP requests to will keep the connection open for a day before a response is returned, but does keep drip feeding new bytes to keep the connection alive.

Memory exhaustion in routinator

NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, support the gzip transfer encoding when querying RRDP repositories. This encoding can be used by an RRDP repository to cause an out-of-memory crash in these versions of Routinator. RRDP uses XML which allows arbitrary amounts of white space in the encoded data. The gzip scheme compresses such white space extremely well, leading to very small compressed files that become huge …

Use after free / memory leak in `CollectiveReduceV2`

The async implementation of CollectiveReduceV2 suffers from a memory leak and a use after free: import tensorflow as tf tf.raw_ops.CollectiveReduceV2( input=[], group_size=[-10, -10, -10], group_key=[-10, -10], instance_key=[-10], ordering_token=[], merge_op='Mul', final_op='Div') This occurs due to the asynchronous computation and the fact that objects that have been std::move()d from are still accessed: auto done_with_cleanup = col_params, done = std::move(done) { done(); col_params->Unref(); }; OP_REQUIRES_OK_ASYNC(c, FillCollectiveParams(col_params, REDUCTION_COLLECTIVE, /group_size/ c->input(1), /group_key/ c->input(2), /instance_key/ c->input(3)), …

Use after free / memory leak in `CollectiveReduceV2`

The async implementation of CollectiveReduceV2 suffers from a memory leak and a use after free: import tensorflow as tf tf.raw_ops.CollectiveReduceV2( input=[], group_size=[-10, -10, -10], group_key=[-10, -10], instance_key=[-10], ordering_token=[], merge_op='Mul', final_op='Div') This occurs due to the asynchronous computation and the fact that objects that have been std::move()d from are still accessed: auto done_with_cleanup = col_params, done = std::move(done) { done(); col_params->Unref(); }; OP_REQUIRES_OK_ASYNC(c, FillCollectiveParams(col_params, REDUCTION_COLLECTIVE, /group_size/ c->input(1), /group_key/ c->input(2), /instance_key/ c->input(3)), …

Use after free / memory leak in `CollectiveReduceV2`

The async implementation of CollectiveReduceV2 suffers from a memory leak and a use after free: import tensorflow as tf tf.raw_ops.CollectiveReduceV2( input=[], group_size=[-10, -10, -10], group_key=[-10, -10], instance_key=[-10], ordering_token=[], merge_op='Mul', final_op='Div') This occurs due to the asynchronous computation and the fact that objects that have been std::move()d from are still accessed: auto done_with_cleanup = col_params, done = std::move(done) { done(); col_params->Unref(); }; OP_REQUIRES_OK_ASYNC(c, FillCollectiveParams(col_params, REDUCTION_COLLECTIVE, /group_size/ c->input(1), /group_key/ c->input(2), /instance_key/ c->input(3)), …

Unitialized access in `EinsumHelper::ParseEquation`

During execution, EinsumHelper::ParseEquation() is supposed to set the flags in input_has_ellipsis vector and *output_has_ellipsis boolean to indicate whether there is ellipsis in the corresponding inputs and output. However, the code only changes these flags to true and never assigns false. for (int i = 0; i < num_inputs; ++i) { input_label_counts->at(i).resize(num_labels); for (const int label : input_labels->at(i)) { if (label != kEllipsisLabel) input_label_counts->at(i)[label] += 1; else input_has_ellipsis->at(i) = true; } …

Unitialized access in `EinsumHelper::ParseEquation`

During execution, EinsumHelper::ParseEquation() is supposed to set the flags in input_has_ellipsis vector and *output_has_ellipsis boolean to indicate whether there is ellipsis in the corresponding inputs and output. However, the code only changes these flags to true and never assigns false. for (int i = 0; i < num_inputs; ++i) { input_label_counts->at(i).resize(num_labels); for (const int label : input_labels->at(i)) { if (label != kEllipsisLabel) input_label_counts->at(i)[label] += 1; else input_has_ellipsis->at(i) = true; } …

Unitialized access in `EinsumHelper::ParseEquation`

During execution, EinsumHelper::ParseEquation() is supposed to set the flags in input_has_ellipsis vector and *output_has_ellipsis boolean to indicate whether there is ellipsis in the corresponding inputs and output. However, the code only changes these flags to true and never assigns false. for (int i = 0; i < num_inputs; ++i) { input_label_counts->at(i).resize(num_labels); for (const int label : input_labels->at(i)) { if (label != kEllipsisLabel) input_label_counts->at(i)[label] += 1; else input_has_ellipsis->at(i) = true; } …

Undefined behavior via `nullptr` reference binding in sparse matrix multiplication

The code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to nullptr: import tensorflow as tf tf.raw_ops.SparseMatMul( a=[[1.0,1.0,1.0]], b=[[],[],[]], transpose_a=False, transpose_b=False, a_is_sparse=False, b_is_sparse=True) This occurs whenever the dimensions of a or b are 0 or less. In the case on one of these is 0, an empty output tensor should be allocated (to conserve the invariant that output tensors are always allocated when the operation …

Undefined behavior via `nullptr` reference binding in sparse matrix multiplication

The code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to nullptr: import tensorflow as tf tf.raw_ops.SparseMatMul( a=[[1.0,1.0,1.0]], b=[[],[],[]], transpose_a=False, transpose_b=False, a_is_sparse=False, b_is_sparse=True) This occurs whenever the dimensions of a or b are 0 or less. In the case on one of these is 0, an empty output tensor should be allocated (to conserve the invariant that output tensors are always allocated when the operation …

Undefined behavior via `nullptr` reference binding in sparse matrix multiplication

The code for sparse matrix multiplication is vulnerable to undefined behavior via binding a reference to nullptr: import tensorflow as tf tf.raw_ops.SparseMatMul( a=[[1.0,1.0,1.0]], b=[[],[],[]], transpose_a=False, transpose_b=False, a_is_sparse=False, b_is_sparse=True) This occurs whenever the dimensions of a or b are 0 or less. In the case on one of these is 0, an empty output tensor should be allocated (to conserve the invariant that output tensors are always allocated when the operation …

Uncontrolled Resource Consumption

OctoRPKI does not limit the length of a connection, allowing for a slowloris DOS attack to take place which makes OctoRPKI wait forever. Specifically, the repository that OctoRPKI sends HTTP requests to will keep the connection open for a day before a response is returned, but does keep drip feeding new bytes to keep the connection alive.

Segfault due to negative splits in `SplitV`

The implementation of SplitV can trigger a segfault is an attacker supplies negative arguments: import tensorflow as tf tf.raw_ops.SplitV( value=tf.constant([]), size_splits=[-1, -2] ,axis=0, num_split=2) This occurs whenever size_splits contains more than one value and at least one value is negative.

Segfault due to negative splits in `SplitV`

The implementation of SplitV can trigger a segfault is an attacker supplies negative arguments: import tensorflow as tf tf.raw_ops.SplitV( value=tf.constant([]), size_splits=[-1, -2] ,axis=0, num_split=2) This occurs whenever size_splits contains more than one value and at least one value is negative.

Segfault due to negative splits in `SplitV`

The implementation of SplitV can trigger a segfault is an attacker supplies negative arguments: import tensorflow as tf tf.raw_ops.SplitV( value=tf.constant([]), size_splits=[-1, -2] ,axis=0, num_split=2) This occurs whenever size_splits contains more than one value and at least one value is negative.

Overflow/crash in `tf.tile` when tiling tensor is large

If tf.tile is called with a large input argument then the TensorFlow process will crash due to a CHECK-failure caused by an overflow. import tensorflow as tf import numpy as np tf.keras.backend.tile(x=np.ones((1,1,1)), n=[100000000,100000000, 100000000]) The number of elements in the output tensor is too much for the int64_t type and the overflow is detected via a CHECK statement. This aborts the process.

Overflow/crash in `tf.tile` when tiling tensor is large

If tf.tile is called with a large input argument then the TensorFlow process will crash due to a CHECK-failure caused by an overflow. import tensorflow as tf import numpy as np tf.keras.backend.tile(x=np.ones((1,1,1)), n=[100000000,100000000, 100000000]) The number of elements in the output tensor is too much for the int64_t type and the overflow is detected via a CHECK statement. This aborts the process.

Overflow/crash in `tf.tile` when tiling tensor is large

If tf.tile is called with a large input argument then the TensorFlow process will crash due to a CHECK-failure caused by an overflow. import tensorflow as tf import numpy as np tf.keras.backend.tile(x=np.ones((1,1,1)), n=[100000000,100000000, 100000000]) The number of elements in the output tensor is too much for the int64_t type and the overflow is detected via a CHECK statement. This aborts the process.

Overflow/crash in `tf.range`

While calculating the size of the output within the tf.range kernel, there is a conditional statement of type int64 = condition ? int64 : double. Due to C++ implicit conversion rules, both branches of the condition will be cast to double and the result would be truncated before the assignment. This result in overflows: import tensorflow as tf tf.sparse.eye(num_rows=9223372036854775807, num_columns=None) Similarly, tf.range would result in crashes due to overflows if …

Overflow/crash in `tf.range`

While calculating the size of the output within the tf.range kernel, there is a conditional statement of type int64 = condition ? int64 : double. Due to C++ implicit conversion rules, both branches of the condition will be cast to double and the result would be truncated before the assignment. This result in overflows: import tensorflow as tf tf.sparse.eye(num_rows=9223372036854775807, num_columns=None) Similarly, tf.range would result in crashes due to overflows if …

Overflow/crash in `tf.range`

While calculating the size of the output within the tf.range kernel, there is a conditional statement of type int64 = condition ? int64 : double. Due to C++ implicit conversion rules, both branches of the condition will be cast to double and the result would be truncated before the assignment. This result in overflows: import tensorflow as tf tf.sparse.eye(num_rows=9223372036854775807, num_columns=None) Similarly, tf.range would result in crashes due to overflows if …

Overflow/crash in `tf.image.resize` when size is large

If tf.image.resize is called with a large input argument then the TensorFlow process will crash due to a CHECK-failure caused by an overflow. import tensorflow as tf import numpy as np tf.keras.layers.UpSampling2D( size=1610637938, data_format='channels_first', interpolation='bilinear')(np.ones((5,1,1,1))) The number of elements in the output tensor is too much for the int64_t type and the overflow is detected via a CHECK statement. This aborts the process.

Overflow/crash in `tf.image.resize` when size is large

If tf.image.resize is called with a large input argument then the TensorFlow process will crash due to a CHECK-failure caused by an overflow. import tensorflow as tf import numpy as np tf.keras.layers.UpSampling2D( size=1610637938, data_format='channels_first', interpolation='bilinear')(np.ones((5,1,1,1))) The number of elements in the output tensor is too much for the int64_t type and the overflow is detected via a CHECK statement. This aborts the process.

Overflow/crash in `tf.image.resize` when size is large

If tf.image.resize is called with a large input argument then the TensorFlow process will crash due to a CHECK-failure caused by an overflow. import tensorflow as tf import numpy as np tf.keras.layers.UpSampling2D( size=1610637938, data_format='channels_first', interpolation='bilinear')(np.ones((5,1,1,1))) The number of elements in the output tensor is too much for the int64_t type and the overflow is detected via a CHECK statement. This aborts the process.

Null pointer exception when `Exit` node is not preceded by `Enter` op

The process of building the control flow graph for a TensorFlow model is vulnerable to a null pointer exception when nodes that should be paired are not: import tensorflow as tf @tf.function def func(): return tf.raw_ops.Exit(data=[False,False]) func() This occurs because the code assumes that the first node in the pairing (e.g., an Enter node) always exists when encountering the second node (e.g., an Exit node): … } else if (IsExit(curr_node)) …

Null pointer exception when `Exit` node is not preceded by `Enter` op

The process of building the control flow graph for a TensorFlow model is vulnerable to a null pointer exception when nodes that should be paired are not: import tensorflow as tf @tf.function def func(): return tf.raw_ops.Exit(data=[False,False]) func() This occurs because the code assumes that the first node in the pairing (e.g., an Enter node) always exists when encountering the second node (e.g., an Exit node): … } else if (IsExit(curr_node)) …

Null pointer exception when `Exit` node is not preceded by `Enter` op

The process of building the control flow graph for a TensorFlow model is vulnerable to a null pointer exception when nodes that should be paired are not: import tensorflow as tf @tf.function def func(): return tf.raw_ops.Exit(data=[False,False]) func() This occurs because the code assumes that the first node in the pairing (e.g., an Enter node) always exists when encountering the second node (e.g., an Exit node): … } else if (IsExit(curr_node)) …

Null pointer exception in `DeserializeSparse`

The shape inference code for DeserializeSparse can trigger a null pointer dereference: import tensorflow as tf dataset = tf.data.Dataset.range(3) @tf.function def test(): y = tf.raw_ops.DeserializeSparse( serialized_sparse=tf.data.experimental.to_variant(dataset), dtype=tf.int32) test() This is because the shape inference function assumes that the serialize_sparse tensor is a tensor with positive rank (and having 3 as the last dimension). However, in the example above, the argument is a scalar (i.e., rank 0).

Null pointer exception in `DeserializeSparse`

The shape inference code for DeserializeSparse can trigger a null pointer dereference: import tensorflow as tf dataset = tf.data.Dataset.range(3) @tf.function def test(): y = tf.raw_ops.DeserializeSparse( serialized_sparse=tf.data.experimental.to_variant(dataset), dtype=tf.int32) test() This is because the shape inference function assumes that the serialize_sparse tensor is a tensor with positive rank (and having 3 as the last dimension). However, in the example above, the argument is a scalar (i.e., rank 0).

Null pointer exception in `DeserializeSparse`

The shape inference code for DeserializeSparse can trigger a null pointer dereference: import tensorflow as tf dataset = tf.data.Dataset.range(3) @tf.function def test(): y = tf.raw_ops.DeserializeSparse( serialized_sparse=tf.data.experimental.to_variant(dataset), dtype=tf.int32) test() This is because the shape inference function assumes that the serialize_sparse tensor is a tensor with positive rank (and having 3 as the last dimension). However, in the example above, the argument is a scalar (i.e., rank 0).

Missing validation during checkpoint loading

An attacker can trigger undefined behavior, integer overflows, segfaults and CHECK-fail crashes if they can change saved checkpoints from outside of TensorFlow. This is because the checkpoints loading infrastructure is missing validation for invalid file formats.

Integer division by 0 in `tf.raw_ops.AllToAll`

The shape inference code for AllToAll can be made to execute a division by 0: import tensorflow as tf @tf.function def func(): return tf.raw_ops.AllToAll( input=[0.0, 0.1652, 0.6543], group_assignment=[1, -1], concat_dimension=0, split_dimension=0, split_count=0) func() This occurs whenever the split_count argument is 0: TF_RETURN_IF_ERROR(c->GetAttr("split_count", &split_count)); … for (int32_t i = 0; i < rank; ++i) { … dims[i] = c->MakeDim(c->Value(dims[i]) / split_count); … }

Integer division by 0 in `tf.raw_ops.AllToAll`

The shape inference code for AllToAll can be made to execute a division by 0: import tensorflow as tf @tf.function def func(): return tf.raw_ops.AllToAll( input=[0.0, 0.1652, 0.6543], group_assignment=[1, -1], concat_dimension=0, split_dimension=0, split_count=0) func() This occurs whenever the split_count argument is 0: TF_RETURN_IF_ERROR(c->GetAttr("split_count", &split_count)); … for (int32_t i = 0; i < rank; ++i) { … dims[i] = c->MakeDim(c->Value(dims[i]) / split_count); … }

Integer division by 0 in `tf.raw_ops.AllToAll`

The shape inference code for AllToAll can be made to execute a division by 0: import tensorflow as tf @tf.function def func(): return tf.raw_ops.AllToAll( input=[0.0, 0.1652, 0.6543], group_assignment=[1, -1], concat_dimension=0, split_dimension=0, split_count=0) func() This occurs whenever the split_count argument is 0: TF_RETURN_IF_ERROR(c->GetAttr("split_count", &split_count)); … for (int32_t i = 0; i < rank; ++i) { … dims[i] = c->MakeDim(c->Value(dims[i]) / split_count); … }

Insufficient Session Expiration in @cyyynthia/tokenize

Impact A bug introduced made Tokenize generate faulty tokens with NaN as a generation date. As a result, tokens would not properly expire and remain valid regardless of the lastTokenReset field. Patches contains a patch that'll invalidate these faulty tokens and make new ones behave as expected. Workarounds None. Tokens do not hold the necessary information to perform invalidation anymore. References PR #1 For more information If you have any …

Incorrect Authorization

Pomerium is an open source identity-aware access proxy. In affected versions changes to the OIDC claims of a user after initial login are not reflected in policy evaluation when using allowed_idp_claims as part of policy. If using allowed_idp_claims and a user's claims are changed, Pomerium can make incorrect authorization decisions. This issue has been resolved in v0.15.6. For users unable to upgrade clear data on databroker service by clearing redis …

Incomplete validation of shapes in multiple TF ops

Several TensorFlow operations are missing validation for the shapes of the tensor arguments involved in the call. Depending on the API, this can result in undefined behavior and segfault or CHECK-fail related crashes but in some scenarios writes and reads from heap populated arrays are also possible. We have discovered these issues internally via tooling while working on improving/testing GPU op determinism. As such, we don't have reproducers and there …

Incomplete validation of shapes in multiple TF ops

Several TensorFlow operations are missing validation for the shapes of the tensor arguments involved in the call. Depending on the API, this can result in undefined behavior and segfault or CHECK-fail related crashes but in some scenarios writes and reads from heap populated arrays are also possible. We have discovered these issues internally via tooling while working on improving/testing GPU op determinism. As such, we don't have reproducers and there …

Incomplete validation of shapes in multiple TF ops

Several TensorFlow operations are missing validation for the shapes of the tensor arguments involved in the call. Depending on the API, this can result in undefined behavior and segfault or CHECK-fail related crashes but in some scenarios writes and reads from heap populated arrays are also possible. We have discovered these issues internally via tooling while working on improving/testing GPU op determinism. As such, we don't have reproducers and there …

Incomplete validation in boosted trees code

The code for boosted trees in TensorFlow is still missing validation. As a result, attackers can trigger denial of service (via dereferencing nullptrs or via CHECK-failures) as well as abuse undefined behavior (binding references to nullptrs). An attacker can also read and write from heap buffers, depending on the API that gets used and the arguments that are passed to the call. Note: Given that the boosted trees implementation in …

Incomplete validation in boosted trees code

The code for boosted trees in TensorFlow is still missing validation. As a result, attackers can trigger denial of service (via dereferencing nullptrs or via CHECK-failures) as well as abuse undefined behavior (binding references to nullptrs). An attacker can also read and write from heap buffers, depending on the API that gets used and the arguments that are passed to the call. Note: Given that the boosted trees implementation in …

Incomplete validation in boosted trees code

The code for boosted trees in TensorFlow is still missing validation. As a result, attackers can trigger denial of service (via dereferencing nullptrs or via CHECK-failures) as well as abuse undefined behavior (binding references to nullptrs). An attacker can also read and write from heap buffers, depending on the API that gets used and the arguments that are passed to the call. Note: Given that the boosted trees implementation in …

Improper hashing in enrocrypt

The vulnerability is we used MD5 hashing Algorithm In our hashing file. If anyone who is a beginner(and doesn't know about hashes) can face problems as MD5 is considered a Insecure Hashing Algorithm.

Heap OOB read in `tf.raw_ops.SparseCountSparseOutput`

The shape inference functions for SparseCountSparseOutput can trigger a read outside of bounds of heap allocated array: import tensorflow as tf @tf.function def func(): return tf.raw_ops.SparseCountSparseOutput( indices=[1], values=[[1]], dense_shape=[10], weights=[], binary_output= True) func() The function fails to check that the first input (i.e., indices) has rank 2: auto rank = c->Dim(c->input(0), 1);

Heap OOB read in `tf.raw_ops.SparseCountSparseOutput`

The shape inference functions for SparseCountSparseOutput can trigger a read outside of bounds of heap allocated array: import tensorflow as tf @tf.function def func(): return tf.raw_ops.SparseCountSparseOutput( indices=[1], values=[[1]], dense_shape=[10], weights=[], binary_output= True) func() The function fails to check that the first input (i.e., indices) has rank 2: auto rank = c->Dim(c->input(0), 1);

Heap OOB read in `tf.raw_ops.SparseCountSparseOutput`

The shape inference functions for SparseCountSparseOutput can trigger a read outside of bounds of heap allocated array: import tensorflow as tf @tf.function def func(): return tf.raw_ops.SparseCountSparseOutput( indices=[1], values=[[1]], dense_shape=[10], weights=[], binary_output= True) func() The function fails to check that the first input (i.e., indices) has rank 2: auto rank = c->Dim(c->input(0), 1);

Heap OOB in shape inference for `QuantizeV2`

The shape inference code for QuantizeV2 can trigger a read outside of bounds of heap allocated array. The code allows axis to be an optional argument (s would contain an error::NOT_FOUND error code). Otherwise, it assumes that axis is a valid index into the dimensions of the input tensor. If axis is less than -1 then this results in a heap OOB read.

Heap OOB in shape inference for `QuantizeV2`

The shape inference code for QuantizeV2 can trigger a read outside of bounds of heap allocated array. The code allows axis to be an optional argument (s would contain an error::NOT_FOUND error code). Otherwise, it assumes that axis is a valid index into the dimensions of the input tensor. If axis is less than -1 then this results in a heap OOB read.

Heap OOB in `SparseBinCount`

The implementation of SparseBinCount is vulnerable to a heap OOB: import tensorflow as tf tf.raw_ops.SparseBincount( indices=[[0],[1],[2]] values=[0,-10000000] dense_shape=[1,1] size=[1] weights=[3,2,1] binary_output=False) This is because of missing validation between the elements of the values argument and the shape of the sparse output: for (int64_t i = 0; i < indices_mat.dimension(0); ++i) { const int64_t batch = indices_mat(i, 0); const Tidx bin = values(i); … out(batch, bin) = …; }

Heap OOB in `SparseBinCount`

The implementation of SparseBinCount is vulnerable to a heap OOB: import tensorflow as tf tf.raw_ops.SparseBincount( indices=[[0],[1],[2]] values=[0,-10000000] dense_shape=[1,1] size=[1] weights=[3,2,1] binary_output=False) This is because of missing validation between the elements of the values argument and the shape of the sparse output: for (int64_t i = 0; i < indices_mat.dimension(0); ++i) { const int64_t batch = indices_mat(i, 0); const Tidx bin = values(i); … out(batch, bin) = …; }

Heap OOB in `SparseBinCount`

The implementation of SparseBinCount is vulnerable to a heap OOB: import tensorflow as tf tf.raw_ops.SparseBincount( indices=[[0],[1],[2]] values=[0,-10000000] dense_shape=[1,1] size=[1] weights=[3,2,1] binary_output=False) This is because of missing validation between the elements of the values argument and the shape of the sparse output: for (int64_t i = 0; i < indices_mat.dimension(0); ++i) { const int64_t batch = indices_mat(i, 0); const Tidx bin = values(i); … out(batch, bin) = …; }

Heap OOB in `FusedBatchNorm` kernels

The implementation of FusedBatchNorm kernels is vulnerable to a heap OOB: import tensorflow as tf tf.raw_ops.FusedBatchNormGrad( y_backprop=tf.constant([i for i in range(9)],shape=(1,1,3,3),dtype=tf.float32) x=tf.constant([i for i in range(2)],shape=(1,1,1,2),dtype=tf.float32) scale=[1,1], reserve_space_1=[1,1], reserve_space_2=[1,1,1], epsilon=1.0, data_format='NCHW', is_training=True)

Heap OOB in `FusedBatchNorm` kernels

The implementation of FusedBatchNorm kernels is vulnerable to a heap OOB: import tensorflow as tf tf.raw_ops.FusedBatchNormGrad( y_backprop=tf.constant([i for i in range(9)],shape=(1,1,3,3),dtype=tf.float32) x=tf.constant([i for i in range(2)],shape=(1,1,1,2),dtype=tf.float32) scale=[1,1], reserve_space_1=[1,1], reserve_space_2=[1,1,1], epsilon=1.0, data_format='NCHW', is_training=True)

Heap OOB in `FusedBatchNorm` kernels

The implementation of FusedBatchNorm kernels is vulnerable to a heap OOB: import tensorflow as tf tf.raw_ops.FusedBatchNormGrad( y_backprop=tf.constant([i for i in range(9)],shape=(1,1,3,3),dtype=tf.float32) x=tf.constant([i for i in range(2)],shape=(1,1,1,2),dtype=tf.float32) scale=[1,1], reserve_space_1=[1,1], reserve_space_2=[1,1,1], epsilon=1.0, data_format='NCHW', is_training=True)

Heap buffer overflow in `Transpose`

The shape inference function for Transpose is vulnerable to a heap buffer overflow: import tensorflow as tf @tf.function def test(): y = tf.raw_ops.Transpose(x=[1,2,3,4],perm=[-10]) return y test() This occurs whenever perm contains negative elements. The shape inference function does not validate that the indices in perm are all valid: for (int32_t i = 0; i < rank; ++i) { int64_t in_idx = data[i]; if (in_idx >= rank) { return errors::InvalidArgument("perm dim …

Heap buffer overflow in `Transpose`

The shape inference function for Transpose is vulnerable to a heap buffer overflow: import tensorflow as tf @tf.function def test(): y = tf.raw_ops.Transpose(x=[1,2,3,4],perm=[-10]) return y test() This occurs whenever perm contains negative elements. The shape inference function does not validate that the indices in perm are all valid: for (int32_t i = 0; i < rank; ++i) { int64_t in_idx = data[i]; if (in_idx >= rank) { return errors::InvalidArgument("perm dim …

Heap buffer overflow in `Transpose`

The shape inference function for Transpose is vulnerable to a heap buffer overflow: import tensorflow as tf @tf.function def test(): y = tf.raw_ops.Transpose(x=[1,2,3,4],perm=[-10]) return y test() This occurs whenever perm contains negative elements. The shape inference function does not validate that the indices in perm are all valid: for (int32_t i = 0; i < rank; ++i) { int64_t in_idx = data[i]; if (in_idx >= rank) { return errors::InvalidArgument("perm dim …

FPE in `ParallelConcat`

The implementation of ParallelConcat misses some input validation and can produce a division by 0: import tensorflow as tf @tf.function def test(): y = tf.raw_ops.ParallelConcat(values=[['tf']],shape=0) return y test()

FPE in `ParallelConcat`

The implementation of ParallelConcat misses some input validation and can produce a division by 0: import tensorflow as tf @tf.function def test(): y = tf.raw_ops.ParallelConcat(values=[['tf']],shape=0) return y test()

FPE in `ParallelConcat`

The implementation of ParallelConcat misses some input validation and can produce a division by 0: import tensorflow as tf @tf.function def test(): y = tf.raw_ops.ParallelConcat(values=[['tf']],shape=0) return y test()

Exposure of Sensitive Information to an Unauthorized Actor

@sap-cloud-sdk/core contains the core functionality of the SAP Cloud SDK as well as the SAP Business Technology Platform abstractions. when user information was missing, destinations were cached without user information, allowing other users to retrieve the same destination with its permissions. By default, destination caching is disabled. The security for caching has been increased. The changes are released Users unable to upgrade are advised to disable destination caching (it is …

Deadlock in mutually recursive `tf.function` objects

The code behind tf.function API can be made to deadlock when two tf.function decorated Python functions are mutually recursive: import tensorflow as tf @tf.function() def fun1(num): if num == 1: return print(num) fun2(num-1) @tf.function() def fun2(num): if num == 0: return print(num) fun1(num-1) fun1(9) This occurs due to using a non-reentrant Lock Python object. Loading any model which contains mutually recursive functions is vulnerable. An attacker can cause denial of …

Deadlock in mutually recursive `tf.function` objects

The code behind tf.function API can be made to deadlock when two tf.function decorated Python functions are mutually recursive: import tensorflow as tf @tf.function() def fun1(num): if num == 1: return print(num) fun2(num-1) @tf.function() def fun2(num): if num == 0: return print(num) fun1(num-1) fun1(9) This occurs due to using a non-reentrant Lock Python object. Loading any model which contains mutually recursive functions is vulnerable. An attacker can cause denial of …

Deadlock in mutually recursive `tf.function` objects

The code behind tf.function API can be made to deadlock when two tf.function decorated Python functions are mutually recursive: import tensorflow as tf @tf.function() def fun1(num): if num == 1: return print(num) fun2(num-1) @tf.function() def fun2(num): if num == 0: return print(num) fun1(num-1) fun1(9) This occurs due to using a non-reentrant Lock Python object. Loading any model which contains mutually recursive functions is vulnerable. An attacker can cause denial of …

Crashes due to overflow and `CHECK`-fail in ops with large tensor shapes

TensorFlow allows tensor to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an int64_t. If an overflow occurs, MultiplyWithoutOverflow would return a negative result. In the majority of TensorFlow codebase this then results in a CHECK-failure. Newer constructs exist which return a Status instead of crashing the binary.

Crashes due to overflow and `CHECK`-fail in ops with large tensor shapes

TensorFlow allows tensor to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an int64_t. If an overflow occurs, MultiplyWithoutOverflow would return a negative result. In the majority of TensorFlow codebase this then results in a CHECK-failure. Newer constructs exist which return a Status instead of crashing the binary.

Crashes due to overflow and `CHECK`-fail in ops with large tensor shapes

TensorFlow allows tensor to have a large number of dimensions and each dimension can be as large as desired. However, the total number of elements in a tensor must fit within an int64_t. If an overflow occurs, MultiplyWithoutOverflow would return a negative result. In the majority of TensorFlow codebase this then results in a CHECK-failure. Newer constructs exist which return a Status instead of crashing the binary.

Crash in `tf.math.segment_*` operations

The implementation of tf.math.segment_* operations results in a CHECK-fail related abort (and denial of service) if a segment id in segment_ids is large. import tensorflow as tf tf.math.segment_max(data=np.ones((1,10,1)), segment_ids=[1676240524292489355]) tf.math.segment_min(data=np.ones((1,10,1)), segment_ids=[1676240524292489355]) tf.math.segment_mean(data=np.ones((1,10,1)), segment_ids=[1676240524292489355]) tf.math.segment_sum(data=np.ones((1,10,1)), segment_ids=[1676240524292489355]) tf.math.segment_prod(data=np.ones((1,10,1)), segment_ids=[1676240524292489355])

Crash in `tf.math.segment_*` operations

The implementation of tf.math.segment_* operations results in a CHECK-fail related abort (and denial of service) if a segment id in segment_ids is large. import tensorflow as tf tf.math.segment_max(data=np.ones((1,10,1)), segment_ids=[1676240524292489355]) tf.math.segment_min(data=np.ones((1,10,1)), segment_ids=[1676240524292489355]) tf.math.segment_mean(data=np.ones((1,10,1)), segment_ids=[1676240524292489355]) tf.math.segment_sum(data=np.ones((1,10,1)), segment_ids=[1676240524292489355]) tf.math.segment_prod(data=np.ones((1,10,1)), segment_ids=[1676240524292489355])

Crash in `tf.math.segment_*` operations

The implementation of tf.math.segment_* operations results in a CHECK-fail related abort (and denial of service) if a segment id in segment_ids is large. import tensorflow as tf tf.math.segment_max(data=np.ones((1,10,1)), segment_ids=[1676240524292489355]) tf.math.segment_min(data=np.ones((1,10,1)), segment_ids=[1676240524292489355]) tf.math.segment_mean(data=np.ones((1,10,1)), segment_ids=[1676240524292489355]) tf.math.segment_sum(data=np.ones((1,10,1)), segment_ids=[1676240524292489355]) tf.math.segment_prod(data=np.ones((1,10,1)), segment_ids=[1676240524292489355])

Crash in `max_pool3d` when size argument is 0 or negative

The Keras pooling layers can trigger a segfault if the size of the pool is 0 or if a dimension is negative: import tensorflow as tf pool_size = [2, 2, 0] layer = tf.keras.layers.MaxPooling3D(strides=1, pool_size=pool_size) input_tensor = tf.random.uniform([3, 4, 10, 11, 12], dtype=tf.float32) res = layer(input_tensor) This is due to the TensorFlow's implementation of pooling operations where the values in the sliding window are not checked to be strictly positive.

Crash in `max_pool3d` when size argument is 0 or negative

The Keras pooling layers can trigger a segfault if the size of the pool is 0 or if a dimension is negative: import tensorflow as tf pool_size = [2, 2, 0] layer = tf.keras.layers.MaxPooling3D(strides=1, pool_size=pool_size) input_tensor = tf.random.uniform([3, 4, 10, 11, 12], dtype=tf.float32) res = layer(input_tensor) This is due to the TensorFlow's implementation of pooling operations where the values in the sliding window are not checked to be strictly positive.

Crash in `max_pool3d` when size argument is 0 or negative

The Keras pooling layers can trigger a segfault if the size of the pool is 0 or if a dimension is negative: import tensorflow as tf pool_size = [2, 2, 0] layer = tf.keras.layers.MaxPooling3D(strides=1, pool_size=pool_size) input_tensor = tf.random.uniform([3, 4, 10, 11, 12], dtype=tf.float32) res = layer(input_tensor) This is due to the TensorFlow's implementation of pooling operations where the values in the sliding window are not checked to be strictly positive.

Code injection in `saved_model_cli`

TensorFlow's saved_model_cli tool is vulnerable to a code injection as it calls eval on user supplied strings def preprocess_input_exprs_arg_string(input_exprs_str): … for input_raw in filter(bool, input_exprs_str.split(';')): … input_key, expr = input_raw.split('=', 1) input_dict[input_key] = eval(expr) … This can be used by attackers to run arbitrary code on the plaform where the CLI tool runs. However, given that the tool is always run manually, the impact of this is not severe. We …

Code injection in `saved_model_cli`

TensorFlow's saved_model_cli tool is vulnerable to a code injection as it calls eval on user supplied strings def preprocess_input_exprs_arg_string(input_exprs_str): … for input_raw in filter(bool, input_exprs_str.split(';')): … input_key, expr = input_raw.split('=', 1) input_dict[input_key] = eval(expr) … This can be used by attackers to run arbitrary code on the plaform where the CLI tool runs. However, given that the tool is always run manually, the impact of this is not severe. We …

Code injection in `saved_model_cli`

TensorFlow's saved_model_cli tool is vulnerable to a code injection as it calls eval on user supplied strings def preprocess_input_exprs_arg_string(input_exprs_str): … for input_raw in filter(bool, input_exprs_str.split(';')): … input_key, expr = input_raw.split('=', 1) input_dict[input_key] = eval(expr) … This can be used by attackers to run arbitrary code on the plaform where the CLI tool runs. However, given that the tool is always run manually, the impact of this is not severe. We …

Arbitrary memory read in `ImmutableConst`

The ImmutableConst operation in TensorFlow can be tricked into reading arbitrary memory contents: import tensorflow as tf with open('/tmp/test','wb') as f: f.write(b'\xe2'*128) data = tf.raw_ops.ImmutableConst(dtype=tf.string,shape=3,memory_region_name='/tmp/test') print(data) This is because the tstring TensorFlow string class has a special case for memory mapped strings but the operation itself does not offer any support for this datatype.

Arbitrary memory read in `ImmutableConst`

The ImmutableConst operation in TensorFlow can be tricked into reading arbitrary memory contents: import tensorflow as tf with open('/tmp/test','wb') as f: f.write(b'\xe2'*128) data = tf.raw_ops.ImmutableConst(dtype=tf.string,shape=3,memory_region_name='/tmp/test') print(data) This is because the tstring TensorFlow string class has a special case for memory mapped strings but the operation itself does not offer any support for this datatype.

Arbitrary memory read in `ImmutableConst`

The ImmutableConst operation in TensorFlow can be tricked into reading arbitrary memory contents: import tensorflow as tf with open('/tmp/test','wb') as f: f.write(b'\xe2'*128) data = tf.raw_ops.ImmutableConst(dtype=tf.string,shape=3,memory_region_name='/tmp/test') print(data) This is because the tstring TensorFlow string class has a special case for memory mapped strings but the operation itself does not offer any support for this datatype.

Access to invalid memory during shape inference in `Cudnn*` ops

The shape inference code for the Cudnn* operations in TensorFlow can be tricked into accessing invalid memory, via a heap buffer overflow: import tensorflow as tf @tf.function def func(): return tf.raw_ops.CudnnRNNV3( input=[0.1, 0.1], input_h=[0.5], input_c=[0.1, 0.1, 0.1], params=[0.5, 0.5], sequence_lengths=[-1, 0, 1]) func() This occurs because the ranks of the input, input_h and input_c parameters are not validated, but code assumes they have certain values: auto input_shape = c->input(0); auto …

Access to invalid memory during shape inference in `Cudnn*` ops

The shape inference code for the Cudnn* operations in TensorFlow can be tricked into accessing invalid memory, via a heap buffer overflow: import tensorflow as tf @tf.function def func(): return tf.raw_ops.CudnnRNNV3( input=[0.1, 0.1], input_h=[0.5], input_c=[0.1, 0.1, 0.1], params=[0.5, 0.5], sequence_lengths=[-1, 0, 1]) func() This occurs because the ranks of the input, input_h and input_c parameters are not validated, but code assumes they have certain values: auto input_shape = c->input(0); auto …

Access to invalid memory during shape inference in `Cudnn*` ops

The shape inference code for the Cudnn* operations in TensorFlow can be tricked into accessing invalid memory, via a heap buffer overflow: import tensorflow as tf @tf.function def func(): return tf.raw_ops.CudnnRNNV3( input=[0.1, 0.1], input_h=[0.5], input_c=[0.1, 0.1, 0.1], params=[0.5, 0.5], sequence_lengths=[-1, 0, 1]) func() This occurs because the ranks of the input, input_h and input_c parameters are not validated, but code assumes they have certain values: auto input_shape = c->input(0); auto …

A use of uninitialized value vulnerability in Tensorflow

TensorFlow's Grappler optimizer has a use of unitialized variable: const NodeDef* dequeue_node; for (const auto& train_node : train_nodes) { if (IsDequeueOp(*train_node)) { dequeue_node = train_node; break; } } if (dequeue_node) { … } If the train_nodes vector (obtained from the saved model that gets optimized) does not contain a Dequeue node, then dequeue_node is left unitialized.

A use of uninitialized value vulnerability in Tensorflow

TensorFlow's Grappler optimizer has a use of unitialized variable: const NodeDef* dequeue_node; for (const auto& train_node : train_nodes) { if (IsDequeueOp(*train_node)) { dequeue_node = train_node; break; } } if (dequeue_node) { … } If the train_nodes vector (obtained from the saved model that gets optimized) does not contain a Dequeue node, then dequeue_node is left unitialized.

A use of uninitialized value vulnerability in Tensorflow

TensorFlow's Grappler optimizer has a use of unitialized variable: const NodeDef* dequeue_node; for (const auto& train_node : train_nodes) { if (IsDequeueOp(*train_node)) { dequeue_node = train_node; break; } } if (dequeue_node) { … } If the train_nodes vector (obtained from the saved model that gets optimized) does not contain a Dequeue node, then dequeue_node is left unitialized.

`SparseFillEmptyRows` heap OOB

The implementation of SparseFillEmptyRows can be made to trigger a heap OOB access: import tensorflow as tf data=tf.raw_ops.SparseFillEmptyRows( indices=[[0,0],[0,0],[0,0]], values=['sssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss'], dense_shape=[5,3], default_value='o') This occurs whenever the size of indices does not match the size of values.

`SparseFillEmptyRows` heap OOB

The implementation of SparseFillEmptyRows can be made to trigger a heap OOB access: import tensorflow as tf data=tf.raw_ops.SparseFillEmptyRows( indices=[[0,0],[0,0],[0,0]], values=['sssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss'], dense_shape=[5,3], default_value='o') This occurs whenever the size of indices does not match the size of values.

`SparseFillEmptyRows` heap OOB

The implementation of SparseFillEmptyRows can be made to trigger a heap OOB access: import tensorflow as tf data=tf.raw_ops.SparseFillEmptyRows( indices=[[0,0],[0,0],[0,0]], values=['sssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss'], dense_shape=[5,3], default_value='o') This occurs whenever the size of indices does not match the size of values.

Out-of-bounds Write

Stack overflow in lua_resume of ldo.c in Lua Interpreter allows attackers to perform a Denial of Service via a crafted script file.

Signature verification vulnerability in Stark Bank ecdsa libraries

An attacker can forge signatures on arbitrary messages that will verify for any public key. This may allow attackers to authenticate as any user within the Stark Bank platform, and bypass signature verification needed to perform operations on the platform, such as send payments and transfer funds. Additionally, the ability for attackers to forge signatures may impact other users and projects using these libraries in different and unforeseen ways.

Signature verification vulnerability in Stark Bank ecdsa libraries

An attacker can forge signatures on arbitrary messages that will verify for any public key. This may allow attackers to authenticate as any user within the Stark Bank platform, and bypass signature verification needed to perform operations on the platform, such as send payments and transfer funds. Additionally, the ability for attackers to forge signatures may impact other users and projects using these libraries in different and unforeseen ways.

Signature verification vulnerability in Stark Bank ecdsa libraries

An attacker can forge signatures on arbitrary messages that will verify for any public key. This may allow attackers to authenticate as any user within the Stark Bank platform, and bypass signature verification needed to perform operations on the platform, such as send payments and transfer funds. Additionally, the ability for attackers to forge signatures may impact other users and projects using these libraries in different and unforeseen ways.

Signature verification vulnerability in Stark Bank ecdsa libraries

An attacker can forge signatures on arbitrary messages that will verify for any public key. This may allow attackers to authenticate as any user within the Stark Bank platform, and bypass signature verification needed to perform operations on the platform, such as send payments and transfer funds. Additionally, the ability for attackers to forge signatures may impact other users and projects using these libraries in different and unforeseen ways.

Incorrect Permission Assignment for Critical Resource

neoan3-apps/template allows for passing in closures directly into the template engine. As a result, values that are callable are executed by the template engine. The issue arises if a value has the same name as a method or function in scope and can therefore be executed either by mistake or maliciously. In theory all users of the package are affected as long as they either deal with direct user input …

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Grafana is an open-source platform for monitoring and observability. arbitrary JavaScript content may be executed within the context of the victim's browser. The user visiting the malicious link must be unauthenticated and the link must be for a page that contains the login button in the menu bar. The url has to be crafted to exploit AngularJS rendering and contain the interpolation binding for AngularJS expressions. AngularJS uses double curly …

coreos-installer < 0.10.0 writes world-readable Ignition config to installed system

On systems installed with coreos-installer before 0.10.0, the user-provided Ignition config was written to /boot/ignition/config.ign with world-readable permissions, granting unprivileged users access to any secrets included in the config. Default configurations of Fedora CoreOS and RHEL CoreOS do not include any unprivileged user accounts. In addition, instances launched from a cloud image, and systems provisioned with the ignition.config.url kernel argument, do not use the config.ign file and are unaffected.

Protection Mechanism Failure

Jenkins does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control of agent processes to replace the code of a trusted library with a modified variant. This results in unsandboxed code execution in the Jenkins controller process.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

GraphQL Playground is a GraphQL IDE for development of graphQL focused applications. All versions of graphql-playground-react are vulnerable to compromised HTTP schema introspection responses or schema prop values with malicious GraphQL type names, exposing a dynamic XSS attack surface that can allow code injection on operation autocomplete. In order for the attack to take place, the user must load a malicious schema in graphql-playground.

Embedded malware in rc

The npm package rc had versions published with malicious code. Users of affected versions (1.2.9, 1.3.9, and 2.3.9) should downgrade to 1.2.8 as soon as possible and check their systems for suspicious activity. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as …

Embedded malware in coa

The npm package coa had versions published with malicious code. Users of affected versions (2.0.3 and above) should downgrade to 2.0.2 as soon as possible and check their systems for suspicious activity. See this issue for details as they unfold. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. …

Unexpected panics in num-bigint

Two scenarios were reported where BigInt and BigUint multiplication may unexpectedly panic. The internal mac3 function did not expect the possibility of non-empty all-zero inputs, leading to an unwrap() panic. A buffer was allocated with less capacity than needed for an intermediate result, leading to an assertion panic. Rust panics can either cause stack unwinding or program abort, depending on the application configuration. In some settings, an unexpected panic may …

Uncontrolled Search Path Element

A dependency confusion vulnerability was reported in the Antilles open-source software that could allow for remote code execution during installation due to a package listed in requirements.txt not existing in the public package index (PyPi). MITRE classifies this weakness as an Uncontrolled Search Path Element (CWE-427) in which a private package dependency may be replaced by an unauthorized package of the same name published to a well-known public repository such …

Missing Authorization

Hangfire is an open source system to perform background job processing in a .NET or .NET Core applications. No Windows Service or separate process required. Dashboard UI in Hangfire.Core uses authorization filters to protect it from showing sensitive data to unauthorized users. By default when no custom authorization filters specified, LocalRequestsOnlyAuthorizationFilter filter is being used to allow only local requests and prohibit all the remote requests to provide sensible, protected …

Incorrect Authorization

In Publify pre1 to is vulnerable to Improper Access Control. guest role users can self-register even when the admin does not allow. This happens due to front-end restriction only.

XML External Entity vulnerability in Easy-XML

The parseXML function in Easy-XML 0.5.0 was discovered to have a XML External Entity (XXE) vulnerability which allows for an attacker to expose sensitive data or perform a denial of service (DOS) via a crafted external entity entered into the XML content as input.

Incorrect Authorization

DSpace is an open source turnkey repository application. In version 7.0, any community or collection administrator can escalate their permission up to become system administrator. This vulnerability only exists in 7.0 and does not impact 6.x or below. This issue is patched in version 7.1. As a workaround, users of 7.0 may temporarily disable the ability for community or collection administrators to manage permissions or workflows settings.

Oct 2021

Uncontrolled Resource Consumption

Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. The parser_apache2 plugin in Fluentd suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack. There are two workarounds available. Either don't use parser_apache2 for parsing …

Incorrect Authorization

DSpace is an open source turnkey repository application, any community or collection administrator can escalate their permission up to become system administrator. As a workaround, users of may temporarily disable the ability for community or collection administrators to manage permissions or workflows settings.

Improper Access Control in github.com/treeverse/lakefs

Impact [medium] A user with write permissions to a portion of a repository may use the S3 gateway to copy any object in the repository if they know its name. [medium] A user with permission to write any one of tags, branches, or commits on a repository may write all of them. [low] A user with permission to read any one of tags, branches, or commits on a repository may …

Remote code execution in dask

An issue was discovered in Dask (aka python-dask) through 2021.09.1. Single machine Dask clusters started with dask.distributed.LocalCluster or dask.distributed.Client (which defaults to using LocalCluster) would mistakenly configure their respective Dask workers to listen on external interfaces (typically with a randomly selected high port) rather than only on localhost. A Dask cluster created using this method (when running on a machine that has an applicable port exposed) could be used by …

Exposure of Resource to Wrong Sphere

An issue was discovered in the Dask distributed package before 2021.10.0 for Python. Single machine Dask clusters started with dask.distributed.LocalCluster or dask.distributed.Client (which defaults to using LocalCluster) would mistakenly configure their respective Dask workers to listen on external interfaces (typically with a randomly selected high port) rather than only on localhost. A Dask cluster created using this method (when running on a machine that has an applicable port exposed) could …

Deserialization of Untrusted Data

An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE). Apache Storm 2.2.x users should upgrade to version 2.2.1 or 2.3.0. Apache Storm 2.1.x users should upgrade to version 2.1.1. Apache Storm 1.x users should upgrade to version 1.2.4

XSS in the `of` option of the `.position()` util in jquery-ui

Accepting the value of the of option of the .position() util from untrusted sources may execute untrusted code. For example, invoking the following code: $( "#element" ).position( { my: "left top", at: "right bottom", of: "<img onerror='doEvilThing()' src='/404' />", collision: "none" } ); will call the doEvilThing() function.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various *Text options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various *Text options are now always treated as pure text, not HTML. A workaround is to not accept the value of the *Text options from untrusted sources.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now treated as a CSS selector. A workaround is to not accept the value of the altField option from untrusted sources.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

jQuery-UI is the official jQuery user interface library used by drupal. Prior to version 1.13.0, accepting the value of various *Text options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various *Text options are now always treated as pure text, not HTML. A workaround is to not accept the value of the *Text options from …

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various *Text options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various *Text options are now always treated as pure text, not HTML. A workaround is to not accept the value of the *Text options from untrusted sources.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now treated as a CSS selector. A workaround is to not accept the value of the altField option from untrusted sources.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various *Text options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various *Text options are now always treated as pure text, not HTML. A workaround is to not accept the value of the *Text options from untrusted sources.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

jQuery-UI is the official jQuery user interface library used by drupal. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now treated as a CSS selector. A workaround is to not accept the value of the altField option from untrusted …

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now treated as a CSS selector. A workaround is to not accept the value of the altField option from untrusted sources.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now treated as a CSS selector. A workaround is to not accept the value of the altField option from untrusted sources.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Shopware is open source e-commerce software. contain a cross-site scripting vulnerability. This issue is patched Two workarounds are available. Using the security plugin or adding a particular following config to the .htaccess file will protect against cross-site scripting in this case. There is also a config for those using nginx as a server. The plugin and the configs can be found on the GitHub Security Advisory page for this vulnerability.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Shopware is open source e-commerce software. contain a cross-site scripting vulnerability. This issue is patched Two workarounds are available. Using the security plugin or adding a particular following config to the .htaccess file will protect against cross-site scripting in this case. There is also a config for those using nginx as a server. The plugin and the configs can be found on the GitHub Security Advisory page for this vulnerability.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various *Text options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various *Text options are now always treated as pure text, not HTML. A workaround is to not accept the value of the *Text options from untrusted sources.

Improper Input Validation

Go Ethereum is the official Golang implementation of the Ethereum protocol. A vulnerable node is susceptible to crash when processing a maliciously crafted message from a peer. Version v1.10.9 contains patches to the vulnerability. There are no known workarounds aside from upgrading.

Improper Neutralization

Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.9, a vulnerable node is susceptible to crash when processing a maliciously crafted message from a peer. Version v1.10.9 contains patches to the vulnerability. There are no known workarounds aside from upgrading.

Cross-Site Request Forgery (CSRF)

Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go.This requires a targeted attack against a specific Panel instance, and serves only to sign a user out. No user details are leaked, nor is any user data affected, this is simply an annoyance at worst. This is fixed

Authentication Bypass Using an Alternate Path or Channel and Authentication Bypass by Primary Weakness in rucio-webui

Impact rucio-webui installations of the 1.26 release line potentially leak the contents of cookies to other sessions within a wsgi container. Impact is that Rucio authentication tokens are leaked to other users accessing the webui within a close timeframe, thus allowing users to access the webui with the leaked authentication token. Privileges are therefore also escalated. Rucio server / daemons are not affected by this issue, it is isolated to …

Arbitrary command execution on Windows via qutebrowserurl: URL handler

Starting with qutebrowser v1.7.0, the Windows installer for qutebrowser registers it as a handler for certain URL schemes. With some applications such as Outlook Desktop, opening a specially crafted URL can lead to argument injection, allowing execution of qutebrowser commands, which in turn allows arbitrary code execution via commands such as :spawn or :debug-pyeval. Only Windows installs where qutebrowser is registered as URL handler are affected. It does not have …

Use of a Broken or Risky Cryptographic Algorithm

References written in markdown are inserted into a hash table which was found to have a weak hash function, meaning that an attacker can reliably generate a large number of collisions for it. This makes the hash table vulnerable to a hash-collision DoS attack, a type of algorithmic complexity attack. Further the hash table allowed for duplicate entries resulting in long retrieval times.