Byamb4

**Name of the Vulnerable Software and Affected Versions** multer versions 2.0.0-alpha.1 through 2.1.1 multer version 3.0.0-alpha.1 **Description** A Denial of Service issue exists when using diskStorage. Aborted or malformed multipart uploads leave orphaned partial files on disk because the `Readable.pipe()` call does not propagate the stream destroy signal to the underlying `fs.WriteStream`. This allows an attacker to exhaust disk space by triggering numerous aborted uploads. **Recommendations** Upgrade to version 2.2.0 for versions 2.0.0-alpha.1 through 2.1.1. Upgrade to version 3.0.0-alpha.2 for version 3.0.0-alpha.1.

**Name of the Vulnerable Software and Affected Versions** Handlebars versions 4.0.0 through 4.7.8 **Description** Handlebars is a templating engine that allows users to build semantic templates. Versions 4.0.0 through 4.7.8 contain a flaw in the `resolvePartial()` function within the Handlebars runtime. This function resolves partial names using a property lookup on `options.partials` without preventing prototype chain traversal. If `Object.prototype` is polluted with a string value matching a partial reference in a template, the polluted string is used as the partial body and rendered without HTML escaping, potentially leading to reflected or stored cross-site scripting (XSS). **Recommendations** Update to version 4.7.9 or later. Apply `Object.freeze(Object.prototype)` early in application startup. Use the Handlebars runtime-only build (`handlebars/runtime`).

**Name of the Vulnerable Software and Affected Versions** Picomatch versions prior to 4.0.4 Picomatch versions prior to 3.0.2 Picomatch versions prior to 2.3.2 **Description** Picomatch, a JavaScript glob matcher, contains a flaw where specially crafted POSIX bracket expressions, such as `[[:constructor:]]`, can inject inherited method names into generated regular expressions due to the `POSIX REGEX SOURCE` object inheriting from `Object.prototype`. This results in incorrect glob matching, potentially causing security-relevant logic errors in applications that rely on glob matching for filtering, validation, or access control. The issue does not allow for remote code execution. The vulnerability affects users of affected `picomatch` versions processing untrusted or user-controlled glob patterns. **Recommendations** Versions prior to 4.0.4 should be upgraded to version 4.0.4 or later. Versions prior to 3.0.2 should be upgraded to version 3.0.2 or later. Versions prior to 2.3.2 should be upgraded to version 2.3.2 or later. If upgrading is not immediately possible, avoid passing untrusted glob patterns to Picomatch. Sanitize or reject untrusted glob patterns, especially those containing POSIX character classes like `[[:...:]]`. Avoid using POSIX bracket expressions if user input is involved. Manually patch the library by modifying `POSIX REGEX SOURCE` to use a null prototype.

**Name of the Vulnerable Software and Affected Versions** Picomatch versions prior to 4.0.4 Picomatch versions prior to 3.0.2 Picomatch versions prior to 2.3.2 **Description** Picomatch, a glob matcher written in JavaScript, is susceptible to Regular Expression Denial of Service (ReDoS) when processing crafted extglob patterns. Specific patterns utilizing extglob quantifiers like `+()` and `*()`, particularly when combined with overlapping alternatives or nested extglobs, can be compiled into regular expressions that exhibit catastrophic backtracking on non-matching input. Applications allowing untrusted users to supply glob patterns to `picomatch` for compilation or matching are at risk. An attacker can potentially cause excessive CPU consumption and disrupt the Node.js event loop, leading to a denial of service. Applications using only trusted, developer-controlled glob patterns are less likely to be affected. **Recommendations** Versions prior to 4.0.4: Upgrade to version 4.0.4 or later. Versions prior to 3.0.2: Upgrade to version 3.0.2 or later. Versions prior to 2.3.2: Upgrade to version 2.3.2 or later. If upgrading is not immediately possible, avoid passing untrusted glob patterns to `picomatch`. Disable extglob support for untrusted patterns by using `noextglob: true`. Reject or sanitize patterns containing nested extglobs or extglob quantifiers such as `+()` and `*()`. Enforce strict allowlists for accepted pattern syntax. Run matching in an isolated worker or separate process with time and resource limits. Apply application-level request throttling and input validation for any endpoint that accepts glob patterns.

**Name of the Vulnerable Software and Affected Versions** music-metadata versions prior to 11.12.3 **Description** music-metadata is a metadata parser for audio and video media files. The ASF parser within music-metadata, specifically the `parseExtensionObject()` function in `lib/asf/AsfParser.ts:112-158`, can enter an infinite loop when processing an ASF Header Extension Object containing a sub-object with `objectSize` equal to 0. This occurs because the `ignore()` function within the tokenizer accepts negative values without validation, leading to a continuous re-reading of a 24-byte header. The affected methods are `parseFile()` and `parseBuffer()`. An estimated 2.2 million weekly npm downloads are potentially impacted. A crafted 100-byte .asf file can cause applications using `parseFile()` or `parseBuffer()` to hang indefinitely. The `parseStream()` function is not affected as it uses a different `ignore()` implementation that throws a RangeError. **Recommendations** Versions prior to 11.12.3 should be updated to version 11.12.3 or later.

**Name of the Vulnerable Software and Affected Versions** file-type versions 20.0.0 through 21.3.1 **Description** file-type detects the file type of a file, stream, or data. A crafted ZIP file can trigger excessive memory growth during type detection when using the `fileTypeFromBuffer()`, `fileTypeFromBlob()`, or `fileTypeFromFile()` APIs. The ZIP inflate output limit is enforced for stream-based detection, but not for known-size inputs. This allows a small compressed ZIP file to cause file-type to inflate and process a much larger payload while probing ZIP-based formats such as OOXML. This is an availability issue, potentially causing applications to consume large amounts of memory, become slow, or crash. The issue stems from different limits being applied to ZIP detection based on whether the tokenizer had a known file size. For known-size inputs, `Number.MAX SAFE INTEGER` was used instead of a more appropriate limit, allowing a crafted ZIP to bypass the intended inflate limit. A ZIP file of approximately 255 KB can cause about 257 MB of RSS growth during `fileTypeFromBuffer()` on version 21.3.1. The affected APIs are `fileTypeFromBuffer()`, `fileTypeFromBlob()`, and `fileTypeFromFile()`. **Recommendations** file-type versions 20.0.0 through 21.3.1 should be updated to version 21.3.2 or later.

**Name of the Vulnerable Software and Affected Versions** flatted versions prior to 3.4.0 **Description** flatted is a circular JSON parser. The `parse()` function uses a recursive `revive()` phase to resolve circular references in deserialized JSON. When provided with a crafted payload containing deeply nested or self-referential `$` indices, the recursion depth becomes unbounded, leading to a stack overflow and crashing the Node.js process. This can result in a Denial of Service (DoS). The software has approximately 87 million weekly npm downloads and is used in many caching and logging libraries. The issue is triggered by passing untrusted input to the `flatted.parse()` function. A proof of concept demonstrates building a deeply nested circular reference chain to cause a stack overflow. The vulnerable component is the `parse()` function, which utilizes the `revive()` function. **Recommendations** Versions prior to 3.4.0 should be updated to version 3.4.0 or later.

**Name of the Vulnerable Software and Affected Versions** Locutus versions prior to 3.0.14 **Description** Locutus is a JavaScript library that aims to bring standard libraries from other programming languages to JavaScript for educational purposes. The `create function(args, code)` function in versions prior to 3.0.14 passes both parameters directly to the `Function` constructor without any sanitization. This allows for arbitrary code execution. The issue resides in the `src/php/funchand/create function.ts` file, specifically at line 17, where `new Function(...params, code)` is used without input validation. An attacker who can control either argument to `create function()` can achieve full remote code execution (RCE). Approximately 597,000 weekly npm downloads are potentially affected. A proof-of-concept (PoC) demonstrates the ability to execute system commands using `require("child process").execSync("id")` through the vulnerable function. This issue is distinct from CVE-2026-29091, which involved `call user func array` using `eval()` in older versions. **Recommendations** Update to Locutus version 3.0.14 or later. Remove the `create function` function. If removal is not possible, replace `new Function()` with a safe alternative.

**Name of the Vulnerable Software and Affected Versions** Pocket ID versions 2.0.0 through 2.4.0 **Description** A flaw in callback URL validation allowed crafted `redirect uri` values containing URL userinfo (`@`) to bypass legitimate callback pattern checks. If an attacker can trick a user into opening a malicious authorization link, the authorization code may be redirected to an attacker-controlled host. This issue affects an OpenID Connect (OIDC) provider, allowing users to authenticate with passkeys. **Recommendations** Update to version 2.4.0 or later. As a workaround, reject callback URLs containing userinfo (`@`) at the reverse proxy or application policy level if feasible.

**Name of the Vulnerable Software and Affected Versions** Plane versions prior to 1.2.3 **Description** The webhook URL validation in `plane/app/serializers/webhook.py` only checks if the IP address is loopback, allowing attackers with workspace ADMIN role to create webhooks pointing to private or internal network addresses such as `10.x.x.x`, `172.16.x.x`, `192.168.x.x`, and `169.254.169.254`. When webhook events are triggered, the server sends requests to these internal addresses and stores the response, enabling Server-Side Request Forgery (SSRF) with full response read-back. This can lead to cloud metadata exfiltration, internal service scanning, and data exfiltration via response logs. **Recommendations** Versions prior to 1.2.3 should be updated to version 1.2.3 or later.

**Name of the Vulnerable Software and Affected Versions** SVGO versions 2.1.0 through 2.8.0 SVGO versions 3.0.0 through 3.3.2 SVGO versions prior to 4.0.1 **Description** SVGO is susceptible to a denial-of-service issue stemming from improper handling of XML custom entities. Specifically, the software does not adequately protect against entity expansion or recursion. A small, maliciously crafted XML file (approximately 811 bytes) can cause the application to stall or crash due to excessive memory consumption, resulting in a JavaScript heap out of memory error. The issue arises because SVGO utilizes an upstream XML parser that, by default, does not interpret custom XML entities. SVGO modifies the parser to support entities declared in the DOCTYPE, but this introduces the risk of exponential expansion when entities reference each other. This can be triggered when processing untrusted SVG input, potentially impacting server-side applications. **Recommendations** SVGO versions 2.1.0 through 2.8.0: Upgrade to version 2.8.1 or later. SVGO versions 3.0.0 through 3.3.2: Upgrade to version 3.3.3 or later. SVGO versions prior to 4.0.1: Upgrade to version 4.0.1 or later.

**Name of the Vulnerable Software and Affected Versions** Underscore.js versions prior to 1.13.8 **Description** Underscore.js, a JavaScript utility-belt library, contains an issue in the ` .flatten` and ` .isEqual` functions. These functions utilize recursion without a depth limit, potentially leading to a Denial of Service (DoS) attack through stack overflow. Exploitation requires an attacker to provide untrusted input that creates a recursive data structure, such as using `JSON.parse` without a depth limit. For ` .flatten`, the vulnerability is exploitable if the data structure consists of arrays at all levels and no finite depth limit is provided as an argument. For ` .isEqual`, exploitation requires comparing two distinct data structures submitted by the same client, for example, data stored in a database compared to newly submitted data, or parsing the same data twice. Exceptions resulting from the stack overflow are not handled. **Recommendations** Update Underscore.js to version 1.13.8 or later.

**Name of the Vulnerable Software and Affected Versions** wger versions prior to 2.4 **Description** wger is a free, open-source workout and fitness manager. An issue exists where three `nutritional values` action endpoints bypass user-scoped querysets via a raw ORM call, specifically `Model.objects.get(pk=pk)`. This allows any authenticated user to access another user's private nutrition plan data, including caloric intake and macro breakdown, by providing an arbitrary primary key (`pk`). The issue was addressed in commit 29876a1954fe959e4b58ef070170e81703dab60e. **Recommendations** Update to a version later than 2.4.

**Name of the Vulnerable Software and Affected Versions** wger versions prior to 2.4 **Description** wger is a free, open-source workout and fitness manager. Versions up to and including 2.4 improperly handle user data retrieval. The `RepetitionsConfigViewSet` and `MaxRepetitionsConfigViewSet` API endpoints return all users' repetition configuration data because the `get queryset()` function calls `.all()` instead of filtering by the authenticated user (`user`). This allows any registered user to enumerate the workout structure of every other user. The API endpoints involved are `RepetitionsConfigViewSet` and `MaxRepetitionsConfigViewSet`. The vulnerable function is `get queryset()`. **Recommendations** Update to a version later than 2.4.

**Name of the Vulnerable Software and Affected Versions** wger versions prior to 2.4 **Description** The software contains a flaw where routine detail action endpoints check a cache before verifying object ownership using `self.get object()`. Cache keys are scoped only by the primary key (`pk`) and do not include the user ID. This allows an attacker to retrieve cached responses for a routine's primary key without proper authorization, if the victim has previously accessed the routine via the API. The affected **API endpoints** are: '/api/v2/routine/{pk}/date-sequence-display/', '/api/v2/routine/{pk}/date-sequence-gym/', '/api/v2/routine/{pk}/structure/', '/api/v2/routine/{pk}/logs/', and '/api/v2/routine/{pk}/stats/'. The vulnerable variable used in the cache key construction is `routine id`. An attacker can potentially retrieve another user's routine details, including workout day sequences, exercise structure, training logs, and statistics, from the cache without ownership verification. The cache time-to-live (TTL) is one month. **Recommendations** Versions prior to 2.4: Include the user ID in the cache key construction to uniquely identify cached responses for each user. Alternatively, move the `self.get object()` function call before the cache lookup to ensure ownership is always verified first.

**Name of the Vulnerable Software and Affected Versions** Parse Dashboard versions 7.3.0-alpha.42 through 9.0.0-alpha.7 **Description** Parse Dashboard, a standalone dashboard for managing Parse Server apps, contains an issue where the AI Agent API endpoint (`POST /apps/:appId`) lacks proper authorization checks. Authenticated users with access to specific applications can access the agent endpoint of any other application by modifying the `appId` in the URL. Read-only users are granted the full master key instead of the read-only master key, enabling them to perform write and delete operations by including write permissions in the request body. Only dashboards with the `agent` configuration enabled are affected. **Recommendations** Update to version 9.0.0-alpha.8 or later. As a workaround, remove the `agent` configuration block from your dashboard configuration.

**Name of the Vulnerable Software and Affected Versions** Parse Dashboard versions 7.3.0-alpha.42 through 9.0.0-alpha.7 **Description** Parse Dashboard, a standalone dashboard for managing Parse Server apps, contains security issues in the AI Agent API endpoint (`/apps/:appId/agent`). Versions 7.3.0-alpha.42 through 9.0.0-alpha.7 are affected by multiple vulnerabilities that, when combined, could allow attackers without authentication to perform arbitrary read and write operations on any connected Parse Server database using the master key. The agent feature must be enabled for the dashboard to be affected. The issue stems from a lack of authentication, Cross-Site Request Forgery (CSRF) validation, and per-app authorization on the agent endpoint. A cache key collision between the master key and read-only master key also contributed to the problem. **Recommendations** Versions 7.3.0-alpha.42 through 9.0.0-alpha.7: Remove or comment out the agent configuration block from your Parse Dashboard configuration.

**Name of the Vulnerable Software and Affected Versions** Karakeep version 0.30.0 **Description** Karakeep is an elf-hostable bookmark-everything app. Version 0.30.0 does not properly sanitize HTML content received from the Reddit metascraper plugin. Specifically, when the plugin returns `readableContentHtml`, the application directly uses this content in the HTML parsing subprocess without running it through DOMPurify. This unsanitized content is then injected into the application’s Document Object Model (DOM) via React’s `dangerouslySetInnerHTML`, potentially allowing malicious HTML to be executed in a user’s browser. **Recommendations** Update to version 0.31.0 to address this issue.

**Name of the Vulnerable Software and Affected Versions** InvenTree versions prior to 1.2.3 **Description** InvenTree is an Open Source Inventory Management System. Prior to version 1.2.3, insecure server-side templates can be hijacked to expose secure information to the client. When generating custom batch codes, the InvenTree server uses a customizable jinja2 template, which can be modified by a staff user to exfiltrate sensitive information or perform code execution on the server. This issue requires access by a user with staff permissions, followed by a request to generate a custom batch code via the API. Once the template has been modified maliciously, the API call to generate a new batch code could be made by other users, and the template code will be executed with their user context. The batch code template is a configurable global setting which can be adjusted by any user with staff access. The vulnerable API endpoint is used to generate a new batch code. The vulnerable parameters are those used to customize the jinja2 template. **Recommendations** For InvenTree installations prior to 1.2.3, the `STOCK BATCH CODE TEMPLATE` and `PART NAME FORMAT` global settings should be overridden at the system level to prevent editing.

**Name of the Vulnerable Software and Affected Versions** OliveTin versions up to and including 3000.10.0 **Description** OliveTin, a tool designed to simplify shell command execution, has flaws in its shell command execution mechanism. The `checkShellArgumentSafety` function does not block the `password` argument type, allowing injection of shell metacharacters and arbitrary OS command execution. Additionally, webhook-extracted JSON values bypass type safety checks entirely before being passed to `sh -c`, leading to unauthenticated remote code execution (RCE) if the instance receives webhooks from external sources. Exploiting both vectors results in unauthenticated RCE on any OliveTin instance using Shell mode with webhook-triggered actions. The vulnerability stems from inadequate input validation and safety checks within the application. The vulnerable function is `checkShellArgumentSafety`. The vulnerable parameters are the `password` argument and webhook-extracted JSON values. **Recommendations** Versions prior to 3000.10.0 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.