Sajdakabir

**Name of the Vulnerable Software and Affected Versions** OpenReplay versions prior to 1.26.0 **Description** An Insecure Direct Object Reference (IDOR) exists in the self-hosted session replay suite due to a case mismatch in the `project id` variable. In the Enterprise Edition (EE) multi-tenant environment, the `ProjectAuthorizer. call ` function (located in `api/auth/auth project.py` and `ee/api/auth/auth project.py`) only performs authorization checks when the project identifier is in camelCase (`projectId`). Consequently, queries for the 'feature-flag' and 'assist-stats' routes filter only by `project id` and ignore the `tenant id`. This allows an authenticated user from one tenant to read, update, or delete feature-flag data belonging to another tenant by iterating through sequential integer values of `project id` and `feature flag id`. **Recommendations** Update to version 1.26.0.

**Name of the Vulnerable Software and Affected Versions** Budibase versions prior to 3.38.1 **Description** The REST datasource integration in the `packages/server/src/integrations/rest.ts` file follows HTTP redirects without re-validating the target URL against the IP blacklist. This allows an authenticated Builder to bypass security controls and access internal services, such as cloud metadata and databases, by redirecting requests through an attacker-controlled server. The issue occurs because the ` req()` function does not set the `redirect: "manual"` option, causing the system to automatically follow HTTP 301, 302, and 307 redirects without performing a secondary blacklist check on the redirect destination. **Recommendations** Update to version 3.38.1. As a temporary workaround, restrict access to the REST datasource integration to minimize the risk of internal service exposure.

**Name of the Vulnerable Software and Affected Versions** Hatchet versions prior to 0.83.39 **Description** A missing authorization directive on the 'GET /api/v1/stable/dags/tasks' endpoint caused the tenant-membership check to be skipped. An authenticated user on a multi-tenant instance could query this endpoint using another tenant's UUID and a DAG UUID belonging to that tenant to retrieve task metadata. The exposed data includes `display name`, `action id`, `step id`, `workflow id`, `workflow version id`, `workflow run id`, `task external id`, `tenant id`, `retry count`, `status`, timestamps, and `additional metadata`. The `additional metadata` field may contain sensitive domain context such as user identifiers, customer IDs, feature flags, or correlation tokens. **Recommendations** Upgrade to version 0.83.39 or later. Restrict account creation by setting `SERVER AUTH RESTRICTED EMAIL DOMAINS` to an allowlist of controlled domains. Ensure the API is not exposed to untrusted networks, such as by running the software inside a VPC with authenticated network controls.

**Name of the Vulnerable Software and Affected Versions** AnythingLLM versions prior to 1.12.1 **Description** The in-chat markdown renderer contains an unsafe custom rule for images that interpolates the markdown image `alt` text into an HTML `alt` attribute without HTML encoding. While most call-sites use `DOMPurify.sanitize()` for defense-in-depth, the `Chartable` component renders chart captions without sanitization. An attacker capable of influencing the LLM output—such as through indirect prompt injection in a shared workspace document or by creating a chart record in a multi-user workspace—can trigger stored DOM-level Cross-Site Scripting (XSS), which is a vulnerability allowing the execution of malicious scripts in a user's browser. The chat history is loaded via the 'GET /api/workspace/:slug/chats' endpoint and rendered in the UI. **Recommendations** Update to version 1.12.1.

**Name of the Vulnerable Software and Affected Versions** SiYuan versions prior to 3.6.2 **Description** A security flaw exists in SiYuan that allows a malicious website to achieve Remote Code Execution (RCE) on a desktop system running the application. This is possible due to a permissive CORS policy (`Access-Control-Allow-Origin: *` + `Access-Control-Allow-Private-Network: true`) which allows the injection of a JavaScript snippet via the API. The injected snippet executes within Electron's Node.js context, granting full operating system access when the user opens SiYuan's UI. The attack requires only a visit to the malicious website while SiYuan is running, and does not require any user interaction. The vulnerability resides in the CORS middleware (`kernel/server/serve.go`, lines 960-963) and the snippet injection endpoint (`kernel/api/snippet.go`, lines 93-128). The `Access-Control-Allow-Private-Network: true` header bypasses Chrome's Private Network Access protection, enabling cross-origin requests to the SiYuan API at `127.0.0.1:6806`. The authentication middleware check is bypassed because the browser sends the session cookie with the cross-origin request. An attacker can exploit this by sending a POST request to the `/api/snippet/setSnippet` API endpoint with a malicious JavaScript snippet, which is then saved and executed by SiYuan. This allows for arbitrary code execution, data exfiltration, and potential persistence on the affected system. **Recommendations** Update SiYuan to version 3.6.2 or later.

**Name of the Vulnerable Software and Affected Versions** changedetection.io versions prior to 0.54.7 **Description** The `jq:` and `jqraw:` include filter expressions in changedetection.io allow the use of the jq `env` builtin, which reads all process environment variables and stores them as the watch snapshot. An authenticated user, or an unauthenticated user when no password is set, can leak sensitive environment variables including `SALTED PASS`, `PLAYWRIGHT DRIVER URL`, `HTTP PROXY`, and any secrets passed as environment variables to the container. The vulnerability resides in the `html tools.py` file, specifically lines 380-388, where user-supplied jq filter expressions are compiled and executed without restricting dangerous jq builtins. The form validator only checks that the expression compiles, failing to block dangerous functions like `env`. This allows an attacker to create a watch for any JSON endpoint using `jqraw:env` as the include filter, which then exposes all environment variables in the processed text file. This can lead to secret exposure, infrastructure credential theft, and potential cascading access to other internal systems. **Recommendations** Update to changedetection.io version 0.54.7 or later.