David Fifield

**Name of the Vulnerable Software and Affected Versions** WordPress versions 4.1 through 4.1.40 WordPress versions 4.2 through 4.2.37 WordPress versions 4.3 through 4.3.33 WordPress versions 4.4 through 4.4.32 WordPress versions 4.5 through 4.5.31 WordPress versions 4.6 through 4.6.28 WordPress versions 4.7 through 4.7.28 WordPress versions 4.8 through 4.8.24 WordPress versions 4.9 through 4.9.25 WordPress versions 5.0 through 5.0.21 WordPress versions 5.1 through 5.1.18 WordPress versions 5.2 through 5.2.20 WordPress versions 5.3 through 5.3.17 WordPress versions 5.4 through 5.4.15 WordPress versions 5.5 through 5.5.14 WordPress versions 5.6 through 5.6.13 WordPress versions 5.7 through 5.7.11 WordPress versions 5.8 through 5.8.9 WordPress versions 5.9 through 5.9.9 WordPress versions 6.0 through 6.0.8 WordPress versions 6.1 through 6.1.6 WordPress versions 6.2 through 6.2.5 WordPress versions 6.3 through 6.3.4 WordPress versions 6.4 through 6.4.4 WordPress versions 6.5 through 6.5.4 **Description** The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as a Path Traversal vulnerability. This allows Relative Path Traversal in Automattic WordPress. **Recommendations** For WordPress versions 4.1 through 4.1.40, update to a version outside of this range. For WordPress versions 4.2 through 4.2.37, update to a version outside of this range. For WordPress versions 4.3 through 4.3.33, update to a version outside of this range. For WordPress versions 4.4 through 4.4.32, update to a version outside of this range. For WordPress versions 4.5 through 4.5.31, update to a version outside of this range. For WordPress versions 4.6 through 4.6.28, update to a version outside of this range. For WordPress versions 4.7 through 4.7.28, update to a version outside of this range. For WordPress versions 4.8 through 4.8.24, update to a version outside of this range. For WordPress versions 4.9 through 4.9.25, update to a version outside of this range. For WordPress versions 5.0 through 5.0.21, update to a version outside of this range. For WordPress versions 5.1 through 5.1.18, update to a version outside of this range. For WordPress versions 5.2 through 5.2.20, update to a version outside of this range. For WordPress versions 5.3 through 5.3.17, update to a version outside of this range. For WordPress versions 5.4 through 5.4.15, update to a version outside of this range. For WordPress versions 5.5 through 5.5.14, update to a version outside of this range. For WordPress versions 5.6 through 5.6.13, update to a version outside of this range. For WordPress versions 5.7 through 5.7.11, update to a version outside of this range. For WordPress versions 5.8 through 5.8.9, update to a version outside of this range. For WordPress versions 5.9 through 5.9.9, update to a version outside of this range. For WordPress versions 6.0 through 6.0.8, update to a version outside of this range. For WordPress versions 6.1 through 6.1.6, update to a version outside of this range. For WordPress versions 6.2 through 6.2.5, update to a version outside of this range. For WordPress versions 6.3 through 6.3.4, update to a version outside of this range. For WordPress versions 6.4 through 6.4.4, update to a version outside of this range. For WordPress versions 6.5 through 6.5.4, update to a version outside of this range.

**Name of the Vulnerable Software and Affected Versions** Squid versions 2.x through 4.8 **Description** The issue is related to incorrect data management in HTTP Digest Authentication processing, leading to information disclosure. Nonce tokens contain raw byte values of pointers within heap memory allocation, which reduces ASLR protections and may aid attackers in isolating memory areas for remote code execution attacks. This vulnerability allows a remote attacker to access confidential data. **Recommendations** For Squid versions 2.x through 4.8, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ClamAV versions prior to 0.101.3 **Description** The issue is related to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system. It is also associated with incorrect cleanup or release of resources, which can be exploited by an attacker to cause a denial of service by sending specially crafted messages to the vulnerable system. **Recommendations** For ClamAV versions prior to 0.101.3, update to version 0.101.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the system to minimize the risk of exploitation. Avoid processing untrusted zip files until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** RubyGems versions 2.2.9 and earlier RubyGems versions 2.3.6 and earlier RubyGems versions 2.4.3 and earlier RubyGems versions 2.5.0 and earlier RubyGems prior to trunk revision 62422 **Description** The issue is related to improper input validation in the RubyGems specification homepage attribute, which can result in a malicious gem setting an invalid homepage URL. This can lead to incorrect URL formation due to the improper handling of HTTP/FTP request parameters. Exploitation of this issue may allow a remote attacker to compromise data integrity. **Recommendations** For RubyGems versions 2.2.9 and earlier, update to a version later than 2.7.6. For RubyGems versions 2.3.6 and earlier, update to a version later than 2.7.6. For RubyGems versions 2.4.3 and earlier, update to a version later than 2.7.6. For RubyGems versions 2.5.0 and earlier, update to a version later than 2.7.6. For RubyGems prior to trunk revision 62422, update to a version later than 2.7.6.

**Name of the Vulnerable Software and Affected Versions** RubyGems versions prior to 2.7.6 **Description** The issue is related to a Cross Site Scripting (XSS) vulnerability in the gem server display of the homepage attribute. This vulnerability can be exploited when a victim browses to a malicious gem on a vulnerable gem server, potentially allowing a remote attacker to cause a denial of service. The vulnerability is related to the `homepage` attribute. **Recommendations** For versions prior to 2.7.6, update to version 2.7.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the gem server to minimize the risk of exploitation. Avoid browsing to untrusted gems on vulnerable gem servers until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** RubyGems versions 2.2.9 and earlier RubyGems versions 2.3.6 and earlier RubyGems versions 2.4.3 and earlier RubyGems versions 2.5.0 and earlier RubyGems prior to trunk revision 62422 **Description** The issue is related to a Directory Traversal vulnerability in the `install location` function of `package.rb`. This vulnerability can result in path traversal when writing to a symlinked basedir outside of the root. The vulnerability exists due to incorrect restriction of the directory path name with limited access. Exploitation of the vulnerability may allow a remote attacker to access arbitrary files. **Recommendations** For RubyGems versions 2.2.9 and earlier, update to a version later than 2.7.6. For RubyGems versions 2.3.6 and earlier, update to a version later than 2.7.6. For RubyGems versions 2.4.3 and earlier, update to a version later than 2.7.6. For RubyGems versions 2.5.0 and earlier, update to a version later than 2.7.6. For RubyGems prior to trunk revision 62422, update to a revision later than 62422 or to a version later than 2.7.6. As a temporary workaround, consider restricting access to the `install location` function of `package.rb` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** RubyGems versions 2.2.9 and earlier RubyGems versions 2.3.6 and earlier RubyGems versions 2.4.3 and earlier RubyGems versions 2.5.0 and earlier RubyGems prior to trunk revision 62422 **Description** The issue is related to an Improper Verification of Cryptographic Signature vulnerability in package.rb, which can result in a mis-signed gem being installed. This occurs because the tarball would contain multiple gem signatures. The vulnerability can be exploited by a remote attacker to execute arbitrary code. **Recommendations** For RubyGems versions 2.2.9 and earlier, update to a version newer than 2.7.6. For RubyGems versions 2.3.6 and earlier, update to a version newer than 2.7.6. For RubyGems versions 2.4.3 and earlier, update to a version newer than 2.7.6. For RubyGems versions 2.5.0 and earlier, update to a version newer than 2.7.6. For RubyGems prior to trunk revision 62422, update to a version newer than 2.7.6.

**Name of the Vulnerable Software and Affected Versions** RubyGems versions 2.2.9 and earlier RubyGems versions 2.3.6 and earlier RubyGems versions 2.4.3 and earlier RubyGems versions 2.5.0 and earlier RubyGems prior to trunk revision 62422 **Description** The issue is related to the deserialization of untrusted data in the owner command of the RubyGems package management system. This can be exploited by an attacker to execute arbitrary code using a specially crafted YAML file. The attack requires the victim to run the `gem owner` command on a gem with the malicious YAML file. **Recommendations** For RubyGems versions 2.2.9 and earlier, update to a version later than 2.7.6. For RubyGems versions 2.3.6 and earlier, update to a version later than 2.7.6. For RubyGems versions 2.4.3 and earlier, update to a version later than 2.7.6. For RubyGems versions 2.5.0 and earlier, update to a version later than 2.7.6. For RubyGems prior to trunk revision 62422, update to a version later than 2.7.6. As a temporary workaround, consider avoiding the use of the `gem owner` command on untrusted gems until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Apple Mac OS X versions prior to 10.8.4 **Description** A stack consumption issue in CoreAnimation allows remote attackers to execute arbitrary code or cause a denial of service, resulting in an application crash, via a crafted text glyph in a URL encountered by Safari. **Recommendations** For Apple Mac OS X versions prior to 10.8.4, update to version 10.8.4 or later to resolve the issue.