Omer Kaspi

**Name of the Vulnerable Software and Affected Versions** OkHttp (affected versions not specified) **Description** The issue allows for a Denial of Service (DoS) of the OkHttp client when using a BrotliInterceptor and accessing a malicious web server, or when an attacker can perform a Man-in-the-Middle (MitM) attack to inject a Brotli zip-bomb into an HTTP response. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apache Cassandra versions prior to 3.0.26 Apache Cassandra versions prior to 3.11.12 Apache Cassandra versions prior to 4.0.2 **Description** The issue is related to the incorrect management of code generation in Apache Cassandra, which can allow an attacker to execute arbitrary code on the host. This can be achieved by exploiting a specific configuration scenario where user-defined functions (UDFs) are enabled, allowing the attacker to effectively utilize the Nashorn JavaScript engine to escape the sandbox and execute unreliable code. The configuration that makes Cassandra vulnerable includes the following parameters in cassandra.yaml: enable user defined functions: true, enable scripted user defined functions: true, and enable user defined functions threads: false. When the enable user defined functions threads parameter is set to false, all invoked UDF functions are executed in the Cassandra daemon, which has a security manager with some permissions, thus allowing the attacker to disable the security manager, escape the sandbox, and run arbitrary shell commands on the server. **Recommendations** For Apache Cassandra versions prior to 3.0.26, update to version 3.0.26 or later. For Apache Cassandra versions prior to 3.11.12, update to version 3.11.12 or later. For Apache Cassandra versions prior to 4.0.2, update to version 4.0.2 or later. As a temporary workaround, consider disabling the `enable user defined functions` and `enable scripted user defined functions` configurations to minimize the risk of exploitation. Restrict access to the `cassandra.yaml` file to prevent modifications that could enable the vulnerable configuration.

**Name of the Vulnerable Software and Affected Versions** TensorFlow versions prior to 2.7.0 TensorFlow versions 2.6.1 and earlier TensorFlow versions 2.5.2 and earlier TensorFlow versions 2.4.4 and earlier **Description** TensorFlow's `saved model cli` tool is vulnerable to a code injection as it calls `eval` on user supplied strings. This can be used by attackers to run arbitrary code on the platform where the CLI tool runs. However, given that the tool is always run manually, the impact of this is not severe. **Recommendations** For versions prior to 2.7.0, update to TensorFlow 2.7.0 or later. For versions 2.6.1 and earlier, update to TensorFlow 2.6.1 or later. For versions 2.5.2 and earlier, update to TensorFlow 2.5.2 or later. For versions 2.4.4 and earlier, update to TensorFlow 2.4.4 or later. As a temporary workaround, consider adding the `safe` flag with `True` value when using the `saved model cli` tool until a patch is available.

**Name of the Vulnerable Software and Affected Versions** BE126 WIFI repeater version 1.0 **Description** The issue allows attackers to read the entire filesystem on the device. This is achieved by using a crafted `getpage` parameter, enabling local file disclosure (LFD). **Recommendations** For BE126 WIFI repeater version 1.0, avoid using the `getpage` parameter until a fix is available. As a temporary workaround, consider restricting access to the device to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** T&W WIFI Repeater BE126 version not specified **Description** The issue allows remote authenticated users to execute arbitrary code via shell metacharacters in the `user` parameter to "cgi-bin/webupg". **Recommendations** For T&W WIFI Repeater BE126, avoid using the `user` parameter in the "cgi-bin/webupg" endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.