Cyberduck log4j vulnerability
6/21/2023

Giturlparse (aka git-url-parse) through 1.2.2, as used in Semgrep through 1.21.0, is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing untrusted URLs. This might be relevant if Semgrep is analyzing an untrusted package (for example, to check whether it accesses any Git repository at a URL), and that package's author placed a ReDoS attack payload in a URL used by the package.

LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because a lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5.

Gost (GO Simple Tunnel) is a simple tunnel written in golang. Sensitive secrets such as passwords, tokens and API keys should be compared only using a constant-time comparison function. Untrusted input, sourced from an HTTP header, is compared directly with a secret. Since this comparison is not secure, an attacker can mount a side-channel timing attack to guess the password. As a workaround, this can be easily fixed using a constant-time comparison function such as `crypto/subtle`'s `ConstantTimeCompare`.

A sandbox escape vulnerability exists in vm2 for versions up to and including 3.9.17. It abuses an unexpected creation of a host object based on the specification of `Proxy`. As a result a threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. There are no known workarounds for this vulnerability.

vm2 is a sandbox that can run untrusted code with Node's built-in modules. In versions 3.9.17 and lower of vm2 it was possible to get a read-write reference to the node `inspect` method and edit options for `console.log`. As a result a threat actor can edit options for the `console.log` command. This vulnerability was patched in the release of version `3.9.18` of `vm2`. Users unable to upgrade may make the `inspect` method readonly with `vm.readonly(inspect)` after creating a vm.

Avaya IX Workforce Engagement v15.

CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

Wings is the server control plane for Pterodactyl Panel. A vulnerability affecting versions prior to 1.7.5 and versions 1.11.0 prior to 1.11.6 impacts anyone running the affected versions of Wings.
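The Gost finding above, illustrated with an added Go example that is not Gost's own code: a header-sourced token checked with `==` (the pattern the advisory describes) beside the hardened form using `crypto/subtle`'s `ConstantTimeCompare`. The header name `X-Api-Token` and the token value are constructed for the demo; the hardened version also hashes both sides first so that differing lengths do not short-circuit the comparison.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"net/http"
)

// Constructed sample secret; in a real deployment this comes from configuration.
const apiToken = "example-token-constructed-for-demo"

// Vulnerable: Go's string == returns at the first mismatching byte, so the
// time a request takes leaks how many leading bytes of the guess were right.
func checkTokenUnsafe(got, want string) bool {
	return got == want
}

// Hardened: hash both values to a fixed 32-byte digest, then compare the
// digests in constant time. ConstantTimeCompare returns 0 immediately when
// lengths differ, so hashing first also removes the length leak.
func checkTokenSafe(got, want string) bool {
	g := sha256.Sum256([]byte(got))
	w := sha256.Sum256([]byte(want))
	return subtle.ConstantTimeCompare(g[:], w[:]) == 1
}

// authorize reads the untrusted header value and checks it the hardened way.
func authorize(r *http.Request) bool {
	return checkTokenSafe(r.Header.Get("X-Api-Token"), apiToken)
}

func main() {
	req, _ := http.NewRequest("GET", "http://localhost/admin", nil)
	req.Header.Set("X-Api-Token", apiToken)
	fmt.Println("correct token accepted:", authorize(req)) // true
	req.Header.Set("X-Api-Token", "wrong")
	fmt.Println("wrong token accepted:", authorize(req)) // false
	fmt.Println("unsafe compare, same result but timing-dependent:",
		checkTokenUnsafe("wrong", apiToken)) // false
}
```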