Christ Bouchuen

**Name of the Vulnerable Software and Affected Versions** BrowserStack Runner versions prior to 0.9.6 **Description** An issue in the `/ log` HTTP handler allows unauthenticated network-adjacent attackers to execute arbitrary code on the host system. The handler processes JSON request bodies by passing user-supplied data to the `vm.runInNewContext()` function combined with `eval()`. Because the `vm` module is not a security mechanism, attackers can escape the Node.js sandbox by leveraging a host-context Function reference through `util.format` to access the host process via `this.constructor.constructor`. This allows for full remote code execution on the underlying system. The `/ log` endpoint is particularly susceptible as it does not require the UUID authentication used by other handlers like ` progress` and ` report`. **Recommendations** For versions prior to 0.9.6, remove the use of `eval()` and `vm.runInNewContext()` in the `/ log` handler and replace them with `JSON.stringify()` for safe logging. Implement UUID authentication for the `/ log` handler to match the security level of the ` progress` and ` report` handlers. Configure the HTTP server to bind to `127.0.0.1` instead of `0.0.0.0` to restrict network access. As a temporary mitigation, restrict network access to the `/ log` endpoint.

**Name of the Vulnerable Software and Affected Versions** Hedera Guardian versions prior to 3.5.2 **Description** An authentication bypass exists in the 'GET /api/v1/demo/registered-users' endpoint. This allows unauthenticated attackers to retrieve sensitive user information, including usernames, Hedera DIDs, parent registry DIDs, system roles, and policy role assignments for all registered users in the system. **Recommendations** Update to a version newer than 3.5.1. As a temporary workaround, restrict access to the 'GET /api/v1/demo/registered-users' endpoint to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions Hashgraph Guardian versions through 3.5.0 Description Hashgraph Guardian through version 3.5.0 has an unsandboxed JavaScript execution issue in the Custom Logic policy block worker. Authenticated Standard Registry users can execute arbitrary code by supplying JavaScript expressions directly to the Node.js Function() constructor without isolation. This allows attackers to import native Node.js modules to read arbitrary files from the container filesystem, access process environment variables containing sensitive credentials such as RSA private keys, JWT signing keys, and API tokens, and forge valid authentication tokens for any user, including administrators. Recommendations Update to a version later than 3.5.0.

**Name of the Vulnerable Software and Affected Versions** BrowserStack Runner versions 0.1.0 through 0.9.5 Notepad++ versions prior to 8.8.2 **Description** BrowserStack Runner contains a path traversal issue in the ` default` HTTP handler within `lib/server.js`. This allows unauthenticated network-adjacent attackers to access the HTTP server bound on all interfaces to traverse outside the project root and read arbitrary sensitive files. Notepad++ contains an issue where the installer allows unprivileged users to gain SYSTEM-level privileges due to insecure executable search paths. An attacker could use social engineering or clickjacking to trick users into downloading both the legitimate installer and a malicious executable into the same directory, resulting in the automatic execution of the attack with SYSTEM privileges upon running the installer. **Recommendations** For BrowserStack Runner versions 0.1.0 through 0.9.5, at the moment, there is no information about a newer version that contains a fix for this vulnerability. Update Notepad++ to version 8.8.2.