Retpoline

**Name of the Vulnerable Software and Affected Versions** RabbitMQ versions 4.2.0 through 4.2.3 **Description** The MQTT plugin in RabbitMQ allows topic-level authorization using regular expressions with variable substitution. When administrators use patterns like ^{client id}-sensors$ to restrict access, the `client id` provided by the user in the MQTT CONNECT packet is inserted into the regex pattern without escaping special characters. This allows an authenticated MQTT user to inject regex operators and bypass authorization. **Recommendations** Update to version 4.2.4 or 4.3.0.

**Name of the Vulnerable Software and Affected Versions** LibreChat versions prior to 0.8.2-rc2 **Description** LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.2-rc2, the MCP stdio transport does not validate commands, allowing authenticated users to execute shell commands as root inside the container via a single API request. The vulnerability allows for remote code execution. The affected component is the MCP stdio transport. The API request allows arbitrary command execution. The vulnerable parameter is not specified. **Recommendations** LibreChat versions prior to 0.8.2-rc2 should be updated to version 0.8.2-rc2.

**Name of the Vulnerable Software and Affected Versions** GtkRadiant version 1.6.6 **Description** A buffer overflow issue was found in the q3map2 component, which can lead to a Denial of Service (DoS) when a crafted MAP file is processed. **Recommendations** For GtkRadiant version 1.6.6, consider avoiding the use of crafted MAP files until a patch is available. As a temporary workaround, restrict access to the q3map2 component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** libMeshb version 7.61 **Description** A buffer overflow in the GmfOpenMesh() function allows attackers to cause a Denial of Service (DoS) via a crafted MESH file. **Recommendations** For libMeshb version 7.61, as a temporary workaround, consider disabling the GmfOpenMesh() function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: rakibtg Docker Dashboard versions prior to 2021-02-28 Description: The issue allows command injection in backend/utilities/terminal.js via shell metacharacters in the `command` parameter of an API request. This is not a Docker, Inc. product. Recommendations: For versions prior to 2021-02-28, update to a version released after 2021-02-28 to resolve the issue. As a temporary workaround, consider restricting access to the `backend/utilities/terminal.js` file to minimize the risk of exploitation. Avoid using shell metacharacters in the `command` parameter of API requests until the issue is resolved.