Aryma-F4

**Name of the Vulnerable Software and Affected Versions** Vikunja versions prior to 2.2.0 **Description** The software is susceptible to a denial-of-service (DoS) condition triggered by unbounded image decoding and resizing during preview generation. An attacker can exploit this by providing a highly compressed but extremely large-dimension image. The initial preview generation for each attachment can consume significant CPU and memory resources. Multiple attachments or concurrent requests can lead to service degradation or crashes. The issue stems from the lack of input validation on image dimensions during the decoding and resizing process, specifically within the `GetPreview` function, the resizing path, and the API endpoint `/api/v1/task attachment`. The vulnerability can be triggered by uploading a 10,000x10,000 PNG image, which expands to approximately 100MB in memory during decoding and causes substantial CPU load during resizing. The first preview request performs the heavy work, but subsequent requests are served from a cache. A proof-of-concept (POC) script utilizing `curl` and `python3` (Pillow) demonstrates the generation of a large PNG image, its upload, and the subsequent request for an 'xl' preview, recording timing and memory metrics. **Recommendations** Versions prior to 2.2.0 should be updated to a fixed version. Implement input validation to reject images exceeding maximum width, height, or total pixels. Consider adding per-user and per-attachment rate limiting for preview generation. Implement asynchronous preview generation with throttling and backpressure. Configure a cache eviction strategy to prevent repeated heavy processing.

**Nome do Software Vulnerável e Versões Afetadas** OneUptime (versões afetadas não especificadas) **Descrição** O endpoint 'resend-verification-code' no OneUptime permite que um usuário autenticado acione o reenvio de um código de verificação para qualquer registro `UserWhatsApp` pelo seu `itemId`. Existe uma falha crítica porque o sistema não valida a propriedade do registro `UserWhatsApp` antes de permitir a operação de reenvio, ao contrário do endpoint 'verify'. Isso impacta o endpoint `UserWhatsAppAPI.ts` e o serviço `UserWhatsAppService.ts`. Um atacante com uma conta válida e token de acesso pode explorar isso para solicitar repetidamente códigos de verificação para o número de WhatsApp de qualquer usuário, potencialmente levando a spam, negação de serviço, ataques de engenharia social ou bloqueio de conta. O endpoint de API vulnerável é `/api/user-whats-app/resend-verification-code`, que aceita um payload JSON contendo o `itemId` do registro `UserWhatsApp` alvo. O parâmetro vulnerável é `itemId`. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** Wallos versions prior to 4.6.2 **Description** Wallos is a self-hostable personal subscription tracker. A server-side request forgery condition exists in the notification testers functionality. This allows for potentially malicious requests to be made on the server. **Recommendations** Update to version 4.6.2 or later.