All versions of ftp-srv are vulnerable to Server-Side Request Forgery (SSRF). The package fails to prevent remote clients from accessing other resources on the network, for example when connecting to the server through telnet. This allows attackers to acces…
[localeval] Sandbox Breakout / Arbitrary Code Execution in localeval
All versions of localeval are vulnerable to a sandbox escape leading to Remote Code Execution. The package fails to restrict access to the main context through constructor.constructor. This may allow attackers to execute arbitrary code on the system. Ev…
[html-pdf-chrome] Server-Side Request Forgery in html-pdf-chrome
All versions of html-pdf-chrome are vulnerable to Server-Side Request Forgery (SSRF). The package executes HTTP requests if the parsed HTML contains external references to resources, such as <iframe src="http://localhost" height="800px" width="800px…
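Because the headless browser fetches whatever the document references, the practical defence is to screen those references before rendering (and to restrict the renderer's network egress). The block below is an added example, not html-pdf-chrome's code; the attribute scanner, the private-host list and the placeholder base URL `https://render.invalid/` are assumptions made for the illustration.

```javascript
// Added example (not html-pdf-chrome's code): screening the external
// references in untrusted HTML before a server-side headless browser
// is asked to fetch them.

// Simplified attribute scanner (assumption for this example): src/href values
// in double or single quotes. A real deployment should use an HTML parser.
const REF_ATTR = /\b(?:src|href)\s*=\s*["']([^"']+)["']/gi;

// Placeholder base used to resolve relative and protocol-relative references.
const BASE_URL = 'https://render.invalid/';

// Hosts a server-side renderer should never be asked to fetch.
function isPrivateHost(hostname) {
  const h = hostname.toLowerCase();
  if (h === 'localhost' || h.endsWith('.localhost') || h === '[::1]') return true;
  const m = h.match(/^(\d+)\.(\d+)\.(\d+)\.(\d+)$/);
  if (!m) return false; // not an IPv4 literal; DNS names are covered by egress rules, not here
  const a = Number(m[1]);
  const b = Number(m[2]);
  return a === 127 || a === 10 || a === 0 ||
         (a === 172 && b >= 16 && b <= 31) ||
         (a === 192 && b === 168) ||
         (a === 169 && b === 254); // link-local, includes the cloud metadata address
}

// Returns the raw reference values that must be rejected. An empty array
// means every resolvable reference points at a public http(s) host.
function unsafeReferences(html) {
  const bad = [];
  for (const [, raw] of html.matchAll(REF_ATTR)) {
    let url;
    try {
      url = new URL(raw, BASE_URL); // "//localhost/" resolves to https://localhost/
    } catch (e) {
      bad.push(raw); // unparsable reference: fail closed
      continue;
    }
    const httpOnly = url.protocol === 'http:' || url.protocol === 'https:';
    if (!httpOnly || isPrivateHost(url.hostname)) bad.push(raw);
  }
  return bad;
}

// Constructed sample document, modelled on the advisory's iframe.
const SAMPLE = '<img src="https://cdn.example.com/logo.png">' +
  '<iframe src="http://localhost" height="800px" width="800px"></iframe>' +
  '<link rel="stylesheet" href="http://169.254.169.254/latest/meta-data/">' +
  '<a href="file:///etc/passwd">x</a>';

console.log(unsafeReferences(SAMPLE));
```

Checking literal hostnames catches the cases in the advisory (loopback, link-local, `file:`) but not a public DNS name that resolves to an internal address, nor DNS rebinding between the check and the fetch. Treat this as a first filter and put the renderer in a network namespace or container whose egress is limited to the hosts it is supposed to reach.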
[markdown] Regular Expression Denial of Service in markdown
All versions of markdown are vulnerable to Regular Expression Denial of Service (ReDoS). The markdown.toHTML() function has significantly degraded performance when parsing long strings containing underscores. This may lead to Denial of Service if the p…
August tablet browser share: Safari gains
Net Applications has released the tablet web browser share figures for August 2020…
August mobile browser share: Chrome and Samsung Browser gain
Net Applications has released the mobile browser share figures for August 2020. In 2020…
[symfony/symfony] RCE in Symfony
Description
The CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X-Body-Eval and X-Body-File to control the restoration of cached responses. The class w…
Microsoft Edge gains – August browser share
Net Applications has released the desktop browser share figures for August 2020. 202…
Tomoyo Harada's third cover album announced; includes duets with Haruomi Hosono, Taeko Onuki, Keigo Oyamada and Asako Toki
Tomoyo Harada will release her new album 『恋愛小説3~You & Me』 on October 14…
[tuf] Incorrect threshold signature computation in TUF
Impact
Metadata signature verification, as used in tuf.client.updater, counted each of multiple signatures with identical authorized keyids separately towards the threshold. Therefore, an attacker with access to a valid signing key could create mult…