Sam Sanoop

Name of the Vulnerable Software and Affected Versions: hackney versions 0.0.0 and later Description: The issue arises from improper parsing of URLs by the URI built-in module and hackney, leading to Server-side Request Forgery (SSRF). Given a URL like http://127.0.0.1?@127.2.2.2/, the URI function correctly identifies the host as 127.0.0.1, but hackney incorrectly refers to the host as 127.2.2.2/. This can be exploited when users rely on the URL function for host checking. Recommendations: For hackney versions 0.0.0 and later, consider disabling the URL parsing functionality until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation. Avoid using the `URI` module for host checking in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SUSE Rancher versions prior to 2.5.17 SUSE Rancher versions prior to 2.6.10 SUSE Rancher versions prior to 2.7.1 **Description** A code execution issue exists due to improper neutralization of special elements used in an OS command. This issue can be exploited by adding an untrusted Helm catalog or modifying the URL configuration used to download KDM, allowing for command injection in the underlying Rancher host. By default, only the Rancher admin has permission to manage these configurations. The issue can potentially be exploited in two ways: adding an untrusted Helm catalog that contains maliciously designed repo URL configuration in Helm charts, or modifying the URL configuration used to download KDM releases. **Recommendations** For SUSE Rancher versions prior to 2.5.17, update to version 2.5.17 or later. For SUSE Rancher versions prior to 2.6.10, update to version 2.6.10 or later. For SUSE Rancher versions prior to 2.7.1, update to version 2.7.1 or later. As a temporary workaround, consider only adding trusted catalogs and the KDM URL to Rancher.

**Name of the Vulnerable Software and Affected Versions** codecov versions prior to 2.0.16 **Description** The issue arises from the failure to sanitize `gcov` arguments before they are provided to the `popen` method. This lack of sanitization can lead to potential exploitation. **Recommendations** For versions prior to 2.0.16, update to version 2.0.16 or later to resolve the issue. As a temporary workaround, consider restricting the input to the `gcov` arguments to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** calipso (affected versions not specified) **Description** The issue allows a malicious module to overwrite files on an arbitrary file system through the module install functionality. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** iniparserjs (affected versions not specified) **Description** The issue relates to the concentration of arrays by ini parser.js. If user input is provided, an attacker can potentially overwrite and pollute the object prototype of a program. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** browserless-chrome versions prior to 1.43.0 **Description** The issue affects browserless-chrome, where user input from the "workspace endpoint" is used to create a file path `filePath`. This `filePath` is then fetched and sent back to the user, allowing for the potential to escape and fetch arbitrary files from a server. **Recommendations** For versions prior to 1.43.0, update to version 1.43.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the workspace endpoint to minimize the risk of exploitation. Avoid using user input to create file paths until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** @tsed/core versions prior to 5.65.7 **Description** This issue relates to the `deepExtend` function, part of the utils directory. Depending on user input, an attacker can overwrite and pollute the object prototype of a program. **Recommendations** For versions prior to 5.65.7, update to version 5.65.7 or later to resolve the issue. As a temporary workaround, consider restricting user input to prevent exploitation of the `deepExtend` function.

**Name of the Vulnerable Software and Affected Versions** agoo versions prior to 2.14.0 **Description** The issue allows request smuggling attacks when agoo is used as a backend and a frontend proxy is also vulnerable. This is due to incorrect parsing of `Content-Length` and `Transfer Encoding` headers, which can lead to HTTP pipelining issues and request smuggling attacks. It is possible to conduct HTTP request smuggling attacks where `agoo` is used as part of a chain of backend servers. Additionally, sending the `Content-Length` header twice or using invalid `Transfer Encoding` headers can be leveraged for TE:CL smuggling attacks. **Recommendations** For agoo versions prior to 2.14.0, update to version 2.14.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of `Content-Length` and `Transfer Encoding` headers in the affected API endpoints until a patch is available. Avoid using the `Content-Length` header twice in requests to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** reel versions 0.6.1 and earlier **Description** The issue allows for Request Smuggling attacks due to incorrect parsing of Content-Length and Transfer encoding headers. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Additionally, invalid Transfer Encoding headers are parsed as valid, which could be leveraged for TE:CL smuggling attacks. The project is deprecated and no longer maintained. **Recommendations** For versions 0.6.1 and earlier, as a temporary workaround, consider restricting the use of the Content-Length header and validating Transfer Encoding headers to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** utilitify versions prior to 1.0.3 **Description** The issue allows modification of object properties. Specifically, the `merge` method could be tricked into adding or modifying properties of the `Object.prototype`. **Recommendations** For versions prior to 1.0.3, update to version 1.0.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `merge` method until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** svg-sanitize versions prior to 0.13.1 **Description** The issue arises from the mishandling of the xlink namespace by the sanitizer, allowing bypass of svg-sanitize using the `xlink:href` attribute. **Recommendations** For versions prior to 0.13.1, update to version 0.13.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `xlink:href` attribute in the sanitizer until a patch is available.

**Name of the Vulnerable Software and Affected Versions** elliptic-php versions prior to 1.0.6 **Description** The issue allows for potential timing attacks, which under certain conditions, could lead to the practical recovery of the long-term private key generated by the library. This is due to the possible leakage of a bit-length of the scalar during scalar multiplication on an elliptic curve. **Recommendations** For versions prior to 1.0.6, update to version 1.0.6 or later to resolve the issue.