Moonster8282

**Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.33.4 **Description Budibase, an open-source low-code platform, contains a server-side request forgery (SSRF) vulnerability in its REST datasource connector. The platform's SSRF protection is ineffective because the `BLACKLIST IPS` environment variable is not set by default in official deployment configurations. When this variable is empty, the blacklist function always returns false, allowing unrestricted requests. This allows access to internal services. **Recommendations Update Budibase to version 3.33.4 or later.

**Name of the Vulnerable Software and Affected Versions** Froxlor versions prior to 2.3.4 **Description** Froxlor is open source server administration software. A typo in the input validation code (using '==' instead of '=') disables email format checking for settings fields designated as email type. This allows an authenticated administrator to store arbitrary strings in the `panel.adminmail` setting. This value is then incorporated into a shell command executed as root by a cron job, with the pipe character '|' explicitly permitted. This results in root-level Remote Code Execution. The issue stems from a comparison operator being used instead of an assignment operator, effectively bypassing validation. The `panel.adminmail` setting is used in a shell command executed by a cron job, allowing for command injection. **Recommendations** Versions prior to 2.3.4 should be updated to version 2.3.4.