Cure53

Nome do Software Vulnerável e Versões Afetadas DOMPurify versões 2.5.3 a 2.5.8 DOMPurify versões 3.1.3 a 3.3.1 Descrição DOMPurify contém uma vulnerabilidade de cross-site scripting que permite que atacantes contornem a sanitização de atributos. Este contorno é obtido explorando elementos rawtext ausentes (noscript, xmp, noembed, noframes, iframe) dentro da expressão regular SAFE FOR XML. Atacantes podem injetar payloads, como </noscript><img src=x onerror=alert(1)>, em valores de atributos. Quando a saída sanitizada é inserida nesses contextos rawtext não protegidos, o payload JavaScript pode ser executado. Recomendações Atualize para uma versão do DOMPurify que inclua o commit 729097f.

**Nome do software vulnerável e versões afetadas** Versões do Docker Desktop anteriores à 4.34.3 **Descrição** O problema está relacionado à ausência de um mecanismo de codificação ou sanitização de saída no Docker Desktop, o que pode ser explorado por um invasor remoto para executar código arbitrário, injetando-o por meio de um link de código-fonte do GitHub não sanitizado na visualização “Build”. Isso permite a execução remota de código. **Recomendações** Para versões do Docker Desktop anteriores à 4.34.3, atualize para a versão 4.34.3 ou posterior para resolver o problema. Como solução alternativa temporária, considere restringir o acesso à visualização Build ou evitar o uso de links de código-fonte do GitHub até que a atualização seja aplicada.

Nome do software vulnerável e versões afetadas: Versões do Docker Desktop anteriores à 4.34.2 Descrição: Existe uma vulnerabilidade de execução remota de código (RCE) por meio de extensões maliciosas criadas para os parâmetros `publisher-url`/`additional-urls`, que poderiam ser exploradas por uma extensão maliciosa. Esse problema pode ser explorado para executar código remotamente. Recomendações: Para versões do Docker Desktop anteriores à 4.34.2, atualize para a versão 4.34.2 ou posterior para resolver o problema. Como solução temporária, considere restringir o uso de extensões ou desativar os recursos `publisher-url` e `additional-urls` até que um patch seja aplicado.

Nome do software vulnerável e versões afetadas: Versões do Docker Desktop anteriores à 4.34.2 Descrição: Existe uma vulnerabilidade de execução remota de código por meio de descrições de extensões ou registros de alterações maliciosamente criados, que poderia ser explorada por uma extensão maliciosa. Recomendações: Para versões do Docker Desktop anteriores à 4.34.2, atualize para a versão 4.34.2 ou posterior para resolver o problema. Como solução temporária, considere desativar o uso de extensões no Docker Desktop até que um patch seja aplicado. Restrinja o acesso ao recurso de gerenciamento de extensões para minimizar o risco de exploração. Evite usar descrições de extensões ou registros de alterações maliciosos no Docker Desktop até que o problema seja resolvido.

**Name of the Vulnerable Software and Affected Versions** Docker Desktop versions 4.11.x **Description** The issue is related to a violation of trust boundaries in Docker Desktop, which can be exploited to potentially allow an attacker to elevate their privileges. This is achieved through IPC response spoofing, bypassing the --no-windows-containers flag, and may lead to Local Privilege Escalation (LPE). **Recommendations** For Docker Desktop version 4.11.x, consider disabling the IPC response feature until a patch is available to prevent potential exploitation. Restrict access to the Docker Desktop application to minimize the risk of privilege escalation. Avoid using the `--no-windows-containers` flag in affected versions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Docker Desktop versions prior to 4.12.0 **Description** The issue is related to an argument injection to the installer in Docker Desktop on Windows, which may result in local privilege escalation. This allows an attacker to potentially elevate their privileges. **Recommendations** For Docker Desktop versions prior to 4.12.0, update to version 4.12.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the installer to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Mastodon versions prior to 3.5.9 Mastodon versions prior to 4.0.5 Mastodon versions prior to 4.1.3 **Description** The issue is related to Mastodon's handling of outgoing HTTP queries, where a timeout is set on individual read operations. A malicious server can extend the response duration indefinitely through slowloris-type attacks, keeping all Mastodon workers busy and leading to the server becoming unresponsive. **Recommendations** For versions prior to 3.5.9, update to version 3.5.9 or later. For versions prior to 4.0.5, update to version 4.0.5 or later. For versions prior to 4.1.3, update to version 4.1.3 or later.

**Name of the Vulnerable Software and Affected Versions** Mastodon versions 1.3 through 3.5.8 Mastodon versions 4.0.0 through 4.0.4 Mastodon versions 4.1.0 through 4.1.2 **Description** The issue is related to the processing of oEmbed data in Mastodon, which can allow an attacker to bypass HTML sanitization and include arbitrary HTML in oEmbed preview cards. This can introduce a vector for cross-site scripting (XSS) payloads that can be rendered in the user's browser when a preview card for a malicious link is clicked through. An attacker can use carefully crafted oEmbed data to exploit this issue. **Recommendations** For Mastodon versions 1.3 through 3.5.8, update to version 3.5.9 or later. For Mastodon versions 4.0.0 through 4.0.4, update to version 4.0.5 or later. For Mastodon versions 4.1.0 through 4.1.2, update to version 4.1.3 or later. As a temporary workaround, consider restricting the use of oEmbed preview cards until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Mastodon versions 3.5.0 through 3.5.8 Mastodon versions 4.0.0 through 4.0.4 Mastodon versions 4.1.0 through 4.1.2 **Description** The issue arises from a flaw in the media processing code, allowing attackers to create arbitrary files at any location using carefully crafted media files. This can lead to Denial of Service and arbitrary Remote Code Execution. The vulnerability is caused by an error in input validation when handling directory traversal sequences. **Recommendations** For Mastodon versions 3.5.0 through 3.5.8, update to version 3.5.9 or later. For Mastodon versions 4.0.0 through 4.0.4, update to version 4.0.5 or later. For Mastodon versions 4.1.0 through 4.1.2, update to version 4.1.3 or later. As a temporary workaround, consider restricting access to the media processing code until a patch is applied. Avoid using the media file handler component until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Sanitize versions 3.0.0 through 6.0.2 **Description** The issue is related to the Sanitize HTML and CSS sanitizer, which can be exploited by an attacker using carefully crafted input to sneak arbitrary HTML and CSS through the sanitizer. This could result in cross-site scripting or other undesired behavior when the malicious HTML and CSS are rendered in a browser. The exploitation is possible when Sanitize is configured to use the built-in "relaxed" config or when using a custom config that allows `style` elements and one or more CSS at-rules. **Recommendations** For Sanitize versions 3.0.0 through 6.0.2, consider the following: - Upgrade to Sanitize version 6.0.2 or later, which performs additional escaping of CSS in `style` element content. - Use a Sanitize config that doesn't allow `style` elements. - Use a Sanitize config that doesn't allow CSS at-rules. - Manually escape the character sequence `</` as `</` in `style` element content.

**Nome do software vulnerável e versões afetadas** Versões do Thunderbird anteriores à 78.9.1 **Descrição** O problema está relacionado à verificação incorreta de assinaturas criptográficas OpenPGP no Thunderbird. Se um usuário tiver importado anteriormente a chave OpenPGP de alguém e o proprietário da chave tiver estendido o período de validade da chave, mas a chave atualizada não tiver sido importada, um invasor pode enviar um e-mail com uma versão manipulada da chave contendo uma subchave inválida. Isso poderia fazer com que o Thunderbird tentasse usar a subchave inválida, resultando na falha no envio de e-mails criptografados para o proprietário da chave. **Recomendações** Para versões do Thunderbird anteriores à 78.9.1, atualize para a versão 78.9.1 ou posterior para resolver o problema.

**Name of the Vulnerable Software and Affected Versions** Thunderbird ESR versions prior to 52.8 Thunderbird versions prior to 52.8 **Description** The issue allows an attacker to spoof the filename of an attachment, potentially leading to a user opening a remote attachment that is a different file type than expected. This is due to insufficient input validation. **Recommendations** For Thunderbird ESR versions prior to 52.8, update to version 52.8 or later. For Thunderbird versions prior to 52.8, update to version 52.8 or later.

**Name of the Vulnerable Software and Affected Versions** Thunderbird ESR versions prior to 52.8 Thunderbird versions prior to 52.8 **Description** The issue arises due to insufficient input validation, allowing a remote attacker to cause a denial of service by sending crafted message headers, which can cause the Thunderbird process to hang. **Recommendations** For Thunderbird ESR versions prior to 52.8, update to version 52.8 or later. For Thunderbird versions prior to 52.8, update to version 52.8 or later.

**Name of the Vulnerable Software and Affected Versions** Thunderbird versions prior to 52.5.2 **Description** The issue allows RSS fields to inject new lines into the created email structure, thereby modifying the message body. **Recommendations** For versions prior to 52.5.2, update to version 52.5.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Thunderbird versions prior to 52.5.2 **Description** The issue allows crafted CSS in an RSS feed to leak and reveal local path strings, potentially containing user names. **Recommendations** For versions prior to 52.5.2, update to version 52.5.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Thunderbird versions prior to 52.5.2 **Description** The issue allows execution of JavaScript in the parsed RSS feed when viewed as a website. This can occur through different viewing options, such as "View -> Feed article -> Website" or the standard "View -> Feed article -> default format". **Recommendations** For versions prior to 52.5.2, update to version 52.5.2 or later to resolve the issue.