Edoardo Geraci

**Name of the Vulnerable Software and Affected Versions** Kdenlive versions prior to 26.04.1 **Description** An issue exists where the software allows the injection of dangerous proxy parameters when a project file controlled by an attacker is used. **Recommendations** Update to version 26.04.1.

**Name of the Vulnerable Software and Affected Versions** Feathersjs versions 5.0.39 and below **Description** Feathersjs is a framework used for building web APIs and real-time applications. A flaw exists where the redirect query parameter is added to the base origin without proper validation. This allows attackers to steal access tokens through URL authority injection, potentially leading to full account takeover. The application builds the redirect URL by combining the base origin with a user-provided redirect parameter. This is exploitable when origins do not end with a forward slash (/). An attacker can provide a malicious redirect value, such as `@attacker.com`, resulting in a URL like `https://target.com@attacker.com#access token=...`. The browser then interprets `attacker.com` as the host, enabling the attacker to obtain the victim's access token and impersonate them. **Recommendations** Update to version 5.0.40 or later.

**Name of the Vulnerable Software and Affected Versions** Feathersjs versions 5.0.39 and below **Description** Feathersjs is a framework used for building web APIs and real-time applications. A flaw in origin validation, specifically using the `startsWith()` function for comparison, allows attackers to bypass origin checks. This bypass is possible by registering a domain that shares a common prefix with an allowed origin. The `getAllowedOrigin()` function inadequately validates the prefix of the Referer header against allowed origins. An attacker can initiate the OAuth flow from an unauthorized origin and potentially steal tokens, leading to full account takeover. **Recommendations** Update to version 5.0.40 or later.

**Name of the Vulnerable Software and Affected Versions** Feathersjs versions 5.0.39 and below **Description** Feathersjs is a framework used for building web APIs and real-time applications. Versions 5.0.39 and below store all HTTP request headers in a session cookie that is signed but not encrypted. This can expose internal proxy/gateway headers to clients. The OAuth service stores the complete headers object in the session, which is then persisted using cookie-session and base64-encoded. While the cookie is signed, the data is readable by decoding the base64 value. In certain deployment configurations, such as those behind reverse proxies or API gateways, this can lead to the disclosure of sensitive internal infrastructure details like API keys, service tokens, and internal IP addresses. The issue involves the storage of sensitive information in the session cookie, specifically impacting the handling of HTTP request headers and OAuth service data. **Recommendations** Update to version 5.0.40 or later.

Name of the Vulnerable Software and Affected Versions: HAProxy versions 2.2 through 3.1.6 Description: The issue is related to a heap-based buffer overflow in certain uncommon configurations due to the mishandling of the replacement of multiple short patterns with a longer one. This occurs in the sample conv regsub function. Recommendations: For HAProxy versions 2.2 through 3.1.6, consider updating to a version that includes a fix for the sample conv regsub heap-based buffer overflow issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.