Cokebeer

**Name of the Vulnerable Software and Affected Versions** Dragonfly versions prior to 2.0.9 **Description** The issue concerns Dragonfly, an open-source P2P-based file distribution and image acceleration system. It uses JWT to verify users, but the secret key for JWT is hardcoded, leading to authentication bypass. An attacker can perform any action as a user with admin privileges. **Recommendations** For versions prior to 2.0.9, upgrade to version 2.0.9 to fix the issue. As a temporary workaround, consider restricting access to sensitive features or functions that rely on the hardcoded JWT secret key until the upgrade is applied.

**Name of the Vulnerable Software and Affected Versions** Zohocorp ManageEngine OpManager, OpManager Plus, OpManager MSP and RMM versions 128317 and below **Description** The issue concerns an authenticated SQL injection vulnerability in the URL monitoring feature. **Recommendations** For versions 128317 and below, consider restricting access to the URL monitoring feature until a fix is available. As a temporary workaround, limit the privileges of authenticated users to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Spring Cloud Data Flow (affected versions not specified) Description: The issue is related to improper sanitization for upload paths in the Skipper server, allowing a malicious user with access to the server API to write arbitrary files to any location on the file system. This could potentially compromise the server. The vulnerability is associated with unlimited file uploads of dangerous types, which can be exploited by a remote attacker to write arbitrary files. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** go-zero versions prior to 1.4.4 **Description** The issue concerns the CORS Filter feature in go-zero, which allows users to specify an array of domains allowed in the CORS policy. However, the `isOriginAllowed` function uses `strings.HasSuffix` to check the origin, leading to a bypass via a malicious domain. This can break CORS policy, allowing any page to make requests and retrieve data on behalf of other users. **Recommendations** For versions prior to 1.4.4, update to version 1.4.4 to resolve the issue. As a temporary workaround, consider disabling the `isOriginAllowed` function or restricting the use of the CORS Filter feature until a patch is available. Avoid using the `strings.HasSuffix` method to check the origin in the CORS Filter configuration.

**Name of the Vulnerable Software and Affected Versions** Hertzbeat versions prior to 1.4.1 **Description** Hertzbeat is an open-source, real-time monitoring system that uses aviatorscript to evaluate alert expressions. Due to improper sanitization for alert expressions, a malicious user can use a crafted alert expression to execute any command on the Hertzbeat server. This issue allows a malicious user with access to the alert define function to execute any command in the Hertzbeat instance. **Recommendations** For versions prior to 1.4.1, update to version 1.4.1 to resolve the issue. As a temporary workaround, consider restricting access to the alert define function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Play With Docker versions 0.0.2 and prior **Description** Play With Docker is a browser-based Docker playground. The issue arises from incorrect CORS configuration, allowing an attacker to bypass the CORS policy by setting the origin header in an HTTP request to a malicious domain, such as `evil-play-with-docker.com`, which would then be echoed in the response header, successfully retrieving basic user information. **Recommendations** For versions 0.0.2 and prior, upgrade to the latest version to fix the issue. As a temporary workaround, consider restricting access to the `play-with-docker.com` domain to minimize the risk of exploitation. There are no known workarounds other than upgrading to the latest version.

**Name of the Vulnerable Software and Affected Versions** go-used-util versions prior to 0.0.34 **Description** The issue is a ZipSlip problem that occurs when using the fsutil package to unzip files. This can lead to path traversal when users use `zip.Unzip` to unzip zip files from a malicious attacker. **Recommendations** For versions prior to 0.0.34, upgrade to version 0.0.34 or above to fix the issue. As a temporary workaround, consider avoiding the use of the `zip.Unzip` function from the `github.com/dablelv/go-huge-util/zip` package until the upgrade is applied.

**Name of the Vulnerable Software and Affected Versions** PanIndex versions prior to 3.1.3 **Description** The issue concerns a hard-coded JWT key `PanIndex` used in PanIndex. This allows an attacker to sign a JWT token and perform actions with admin privileges. **Recommendations** For versions prior to 3.1.3, update to version 3.1.3 to resolve the issue. As a temporary workaround for versions prior to 3.1.3, consider changing the JWT key in the source code before compiling the project.

**Name of the Vulnerable Software and Affected Versions** Lancet versions prior to 2.1.10 Lancet versions prior to 1.3.4 **Description** The issue is a ZipSlip problem that occurs when using the fileutil package to unzip files. This can be exploited when using the `fileutil` package. No information is provided about the estimated number of potentially affected devices or real-world incidents. **Recommendations** For versions prior to 2.1.10, upgrade to version 2.1.10 or above. For versions prior to 1.3.4, upgrade to version 1.3.4 or above. As a temporary workaround, consider avoiding the use of the `fileutil` package to unzip files until a patch is applied.