Hakupiku

Name of the Vulnerable Software and Affected Versions: Astro versions prior to 5.13.2 Astro versions prior to 4.16.18 Description: Astro is a web framework for content-driven websites. The image optimization endpoint in projects deployed with on-demand rendering allows images from unauthorized third-party domains to be served. The `/ image` endpoint, which returns optimized versions of images, is affected. An attacker can bypass third-party domain restrictions by using a protocol-relative URL as the image source, such as `/ image?href=//example.com/image.png`. Recommendations: Update to Astro version 5.13.2 or later. Update to Astro version 4.16.18 or later.

**Name of the Vulnerable Software and Affected Versions** Querybook versions prior to 3.32.0 **Description** The issue concerns Querybook, a Big Data Querying UI that combines collocated table metadata and a simple notebook interface. Querybook's datadocs functionality uses a Websocket Server, allowing clients to update, delete, read cells, and watch the live status of query executions. The CORS setting currently allows all origins, which could result in cross-site websocket hijacking, enabling attackers to read, edit, or remove datadocs of the user. **Recommendations** For versions prior to 3.32.0, upgrade to version 3.32.0 to address the issue. As a temporary workaround, consider restricting access to the Websocket Server to minimize the risk of exploitation. Avoid using the datadocs functionality until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Querybook versions prior to 3.31.2 **Description** The issue arises from the use of `dangerouslySetInnerHTML` when highlighting search results, which can trigger an XSS payload if the result contains malicious code. Additionally, during "query auto-suggestion", the suggested table names are set with `innerHTML`, leading to an XSS vulnerability. This occurs because the input to `dangerouslySetInnerHTML` is not sanitized for the data inside queries. **Recommendations** For versions prior to 3.31.2, update to version 3.31.2 to rectify the issue. As a temporary workaround, consider disabling the search result highlighting feature and the "query auto-suggestion" feature until the patch is applied. Restrict access to the `dangerouslySetInnerHTML` and `innerHTML` functions to minimize the risk of exploitation. Avoid using these functions with untrusted input until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Querybook versions prior to 3.31.1 Description: The issue is related to the Rich Text Editor component in Querybook, which fails to properly validate user input, allowing arbitrary URLs to be entered without necessary validation. This security flaw enables the use of the `javascript:` protocol, potentially triggering arbitrary client-side execution. In the most extreme case, an admin user could unknowingly click on a cross-site scripting URL, compromising admin role access to the attacker. Recommendations: For versions prior to 3.31.1, update to version 3.31.1 or later, as it includes a patch to rectify this issue. The fix is backward compatible and automatically fixes existing DataDocs. As a temporary workaround, consider manually checking each URL prior to clicking on them to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SoftwareX (affected versions not specified) **Description** The issue is related to the integrated oAuth Authorization Service, where functions with insufficient randomness were used to generate authorization tokens. This made authorization codes predictable for third parties, allowing them to intercept and take over the client authorization process, potentially compromising other users' accounts. The oAuth Authorization Service is not enabled by default. The implementation has been updated to use sources with sufficient randomness to generate authorization tokens. No publicly available exploits are known. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dgraph versions prior to v23.0.0 **Description** Dgraph is an open source distributed GraphQL database. Existing Dgraph audit logs are vulnerable to brute force attacks due to nonce collisions. The first 12 bytes come from a baseIv which is initialized when an audit log is created. The last 4 bytes come from the length of the log line being encrypted. This is problematic because two log lines will often have the same length, so due to these collisions we are reusing the same nonce many times. Attackers must have access to the system the logs are stored on. **Recommendations** For versions prior to v23.0.0, upgrade to v23.0.0. For users unable to upgrade, store existing audit logs in a secure location and for extra security, encrypt using an external tool like `gpg`.

**Name of the Vulnerable Software and Affected Versions** NodeBB Forum Software versions prior to 1.19.7 NodeBB Forum Software versions prior to 2.0.0 **Description** The `utils.generateUUID` helper function in NodeBB Forum Software uses a cryptographically insecure pseudo-random number generator (`Math.random()`), which allows an attacker to calculate the reset code for an account they do not have access to. This vulnerability impacts all installations of NodeBB and enables an attacker to take over any account without the involvement of the victim. **Recommendations** For NodeBB Forum Software versions prior to 1.19.7, upgrade to version 1.19.7 or later. For NodeBB Forum Software versions prior to 2.0.0, upgrade to version 2.0.0 or later. As a temporary workaround, consider restricting access to the password reset functionality until a patch is applied. Note: There is no known workaround other than applying the patch sets listed above, which will fully patch the vulnerability.

**Name of the Vulnerable Software and Affected Versions** countly-server versions prior to 22.03.7 countly-server versions prior to 21.11.4 **Description** The issue is related to a weakness in the password recovery mechanism of countly-server, allowing a remote attacker to change a user's password and gain elevated privileges. An attacker who knows an account's email address/username and full name specified in the database can guess the password reset token, use this information to reset the password, and take over the account. **Recommendations** For versions prior to 22.03.7, update to version 22.03.7 or later for servers using the new user interface. For versions prior to 21.11.4, update to version 21.11.4 or later for servers using the old user interface.