Masashi Yamane

**Name of the Vulnerable Software and Affected Versions** web2py versions 2.24.1 and earlier **Description** A command injection vulnerability exists in the product. When configured to use notifySendHandler for logging, a crafted web request may execute an arbitrary OS command on the web server. This issue arises due to the lack of neutralization of special elements. **Recommendations** For versions 2.24.1 and earlier, consider disabling the notifySendHandler for logging until a patch is available to prevent potential exploitation. Restrict access to the web server to minimize the risk of arbitrary OS command execution. Avoid using the product with the vulnerable configuration to reduce the risk of command injection attacks.

**Name of the Vulnerable Software and Affected Versions** SHIRASAGI versions prior to 1.18.0 **Description** The issue allows a remote authenticated attacker to alter or create arbitrary files on the server, resulting in arbitrary code execution. This is due to a path traversal vulnerability. **Recommendations** For versions prior to 1.18.0, update to version 1.18.0 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories on the server to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Python versions 3.11 through 3.11.4 **Description** The issue is related to the `os.path.normpath()` function, which truncates a path unexpectedly at the first '0' byte if such bytes are present in the path. This could lead to security issues, as filenames that would have been rejected for security reasons in earlier Python versions may no longer be rejected in Python 3.11.x. The vulnerability can be exploited by inserting null bytes into a path, potentially allowing a remote attacker to compromise the integrity of protected information. There are plausible cases where an application's allowlisting can be circumvented if a path with null bytes is constructed to pass the allowlist but then changes to the targeted resource after truncation. **Recommendations** For Python versions 3.11 through 3.11.4, consider avoiding the use of the `os.path.normpath()` function with paths that may contain null bytes until a patch is available. As a temporary workaround, validate and sanitize paths before passing them to `os.path.normpath()` to prevent unexpected truncation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Starlette versions 0.13.5 through 0.27.0 **Description** The issue is related to a directory traversal vulnerability in Starlette, which allows a remote unauthenticated attacker to view files in a web service built using Starlette. This is due to the incorrect limitation of the path name to a restricted directory. The vulnerability can be exploited to breach confidentiality and obtain files that should not be publicly accessible. **Recommendations** For Starlette versions 0.13.5 through 0.27.0, consider disabling the `StaticFiles` directory or restricting access to it until a patch is available. As a temporary workaround, avoid using the `os.path.commonprefix()` function and instead use `os.path.commonpath()` to prevent path traversal attacks. Update to a version of Starlette that uses `os.path.commonpath()` to fix the issue.

**Name of the Vulnerable Software and Affected Versions** Tornado versions 6.3.1 and earlier **Description** The issue allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having the user access a specially crafted URL. This is related to the use of open redirect in the Tornado web framework. **Recommendations** For Tornado versions 6.3.1 and earlier, as a temporary workaround, consider restricting access to the affected URL endpoints until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Nome do software vulnerável e versões afetadas** Versões do a-blog cms anteriores à 2.8.75 Versões do a-blog cms anteriores à 2.9.40 Versões do a-blog cms anteriores à 2.10.44 Versões do a-blog cms anteriores à 2.11.42 Versões do a-blog cms anteriores à 3.0.1 **Descrição** A vulnerabilidade permite que um invasor remoto autenticado injete um script arbitrário por meio de vetores não especificados, o que pode levar a um ataque de cross-site scripting. **Recomendações** Para versões anteriores à 2.8.75, atualize para a versão 2.8.75 ou posterior. Para versões anteriores à 2.9.40, atualize para a versão 2.9.40 ou posterior. Para versões anteriores à 2.10.44, atualize para a versão 2.10.44 ou posterior. Para versões anteriores à 2.11.42, atualize para a versão 2.11.42 ou posterior. Para versões anteriores à 3.0.1, atualize para a versão 3.0.1 ou posterior.

**Nome do software vulnerável e versões afetadas** Aplicativo Jimoty para Android em versões anteriores à 3.7.42 **Descrição** O problema diz respeito ao uso de uma chave de API codificada de forma rígida para um serviço externo no aplicativo. Isso poderia permitir que a chave de API fosse obtida através da análise dos dados do aplicativo, levando potencialmente a um acesso não autorizado. **Recomendações** Para o aplicativo Jimoty para Android em versões anteriores à 3.7.42, atualize para a versão 3.7.42 ou posterior para resolver o problema.