Dwisiswant0

**Name of the Vulnerable Software and Affected Versions** Rack versions 3.1.0 through 3.1.4 Rack versions prior to 2.0.9.4 Rack versions prior to 2.1.4.4 Rack versions prior to 2.2.8.1 Rack versions prior to 3.0.9.1 **Description** A Regular Expression Denial of Service (ReDoS) vulnerability exists in the `Rack::Request::Helpers` module when parsing HTTP Accept headers. This vulnerability can be exploited by an attacker sending specially crafted `Accept-Encoding` or `Accept-Language` headers, causing the server to spend excessive time processing the request and leading to a Denial of Service (DoS). **Recommendations** For Rack versions 3.1.0 through 3.1.4, upgrade to version 3.1.5 to receive the fix. For Rack versions prior to 2.0.9.4, apply the 2-0-header-redos.patch or upgrade to version 2.0.9.4. For Rack versions prior to 2.1.4.4, apply the 2-1-header-redos.patch or upgrade to version 2.1.4.4. For Rack versions prior to 2.2.8.1, apply the 2-2-header-redos.patch or upgrade to version 2.2.8.1. For Rack versions prior to 3.0.9.1, apply the 3-0-header-redos.patch or upgrade to version 3.0.9.1. As a temporary workaround, consider restricting access to the `Rack::Request::Helpers` module until a patch is available. Avoid using the `Accept-Encoding` and `Accept-Language` headers in the affected API endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** RSSHub (affected versions not specified) **Description** RSSHub is an open source RSS feed generator that is vulnerable to Server-Side Request Forgery (SSRF) attacks. This issue allows an attacker to send arbitrary HTTP requests from the server to other servers or resources on the network. An attacker can exploit this vulnerability by sending a request to the affected routes with a malicious URL, potentially gaining access to sensitive information that would not normally be accessible and amplifying the impact of the attack. For example, an attacker can use URL-encoded characters, such as `%2F` and `%23`, to modify the base URL and send requests to internal or other servers or resources on the network. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** teler versions prior to 2.0.0-rc.4 **Description** The teler dashboard is vulnerable to DOM-based cross-site scripting (XSS) when it requests messages from the event stream on the "/events" endpoint, and the log data displayed on the dashboard are not sanitized. This only affects authenticated users and can be exploited if the log contains a DOM scripting payload. **Recommendations** For versions prior to 2.0.0-rc.4, upgrade to version v2.0.0-rc.4 or later. As a temporary workaround, consider deactivating the live event dashboard from the configuration file.

**Name of the Vulnerable Software and Affected Versions** sharp versions prior to 0.30.5 **Description** The issue is related to a possible vulnerability in logic that is run only at `npm install` time when installing versions of `sharp` prior to the latest v0.30.5. If an attacker has the ability to set the value of the `PKG CONFIG PATH` environment variable in a build environment, they might be able to use this to inject an arbitrary command at `npm install` time. This is not part of any runtime code, does not affect Windows users at all, and is unlikely to affect anyone that already cares about the security of their build environment. **Recommendations** For sharp versions prior to 0.30.5, update to version 0.30.5 to resolve the issue. As a temporary workaround, consider restricting access to the `PKG CONFIG PATH` environment variable in the build environment to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** gh-ost versions prior to 1.1.3 **Description** The issue is related to an arbitrary file read vulnerability. It requires the attacker to have access to the target host or trick an administrator into executing a malicious gh-ost command, along with network access from the host running gh-ost to the attacker's malicious MySQL server. The `-database` parameter does not properly sanitize user input, leading to arbitrary file reads. This is considered a low severity vulnerability. **Recommendations** For versions prior to 1.1.3, update to version 1.1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the `-database` parameter to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: node-windows versions prior to 1.0.0-beta.6 Description: The issue allows command injection via the `PID` parameter in the `lib/cmd.js` file of the node-windows package for Node.js. Recommendations: For versions prior to 1.0.0-beta.6, update to version 1.0.0-beta.6 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: calibre versions prior to 5.32.0 Description: The issue is related to a regular expression in `html preprocess rules` within the `ebooks/conversion/preprocess.py` file that is vulnerable to ReDoS (Regular Expression Denial of Service). This could potentially lead to a denial of service. Recommendations: For versions prior to 5.32.0, update to version 5.32.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the `html preprocess rules` function in `ebooks/conversion/preprocess.py` until a patch is applied.

Name of the Vulnerable Software and Affected Versions: Git-it versions through 4.4.0 Description: The issue allows OS command injection at the Branches Aren't Just For Birds challenge step. During the verification process, it attempts to run the reflog command followed by the current branch name, which is not sanitized for execution. Recommendations: For versions through 4.4.0, as a temporary workaround, consider disabling the execution of the reflog command with unsanitized branch names until a patch is available. Restrict access to the Branches Aren't Just For Birds challenge step to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: naholyr github-todos version 3.1.0 Description: The issue concerns a command injection vulnerability. Specifically, the `range` argument for the ` hook` subcommand is concatenated without validation and directly used by the `exec` function. This lack of validation allows for potential command injection attacks. Recommendations: For naholyr github-todos version 3.1.0, consider disabling the ` hook` subcommand until a patch is available to prevent exploitation of the command injection vulnerability. Restrict access to the `exec` function to minimize the risk of exploitation. Avoid using the `range` argument in the affected subcommand until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** xmlquery versions prior to 1.3.1 **Description** The issue allows attackers to cause a denial of service (SIGSEGV) or possibly have other unspecified impacts due to the lack of a check for whether a LoadURL response is in the XML format. This can also cause a panic due to nil pointer deference if the loaded resource is not XML, potentially serving as a denial of service vector if user-supplied URLs are loaded. **Recommendations** For versions prior to 1.3.1, update to version 1.3.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the LoadURL function to minimize the risk of exploitation, especially when loading user-supplied URLs.