Shaolin

**Name of the Vulnerable Software and Affected Versions** web2py versions prior to 2.14.1 **Description** The issue allows remote attackers to obtain environment variable values by making a direct request to "examples/template examples/beautify". This can potentially be leveraged to gain administrative access. **Recommendations** For versions prior to 2.14.1, update to version 2.14.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "examples/template examples/beautify" endpoint until the update is applied.

**Name of the Vulnerable Software and Affected Versions** web2py versions prior to 2.14.2 **Description** The issue allows remote attackers to execute arbitrary code via vectors involving the use of a hardcoded encryption key when calling the `session.connect` function. This could potentially lead to unauthorized access and control of the system. **Recommendations** For versions prior to 2.14.2, update to version 2.14.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the `session.connect` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** web2py versions prior to 2.14.2 **Description** The issue allows remote attackers to obtain the session cookie key value via a direct request to "examples/simple examples/status". This can be leveraged to execute arbitrary code. **Recommendations** For versions prior to 2.14.2, update to version 2.14.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the "examples/simple examples/status" endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** web2py versions prior to 2.14.2 **Description** The issue allows remote attackers to execute arbitrary code by leveraging knowledge of encryption key, potentially through deserialization of session information stored in cookies using the `pickle.loads` function in gluon/utils.py. Additionally, the sample web application might allow remote attackers to execute arbitrary code via vectors involving use of a hardcoded encryption key when calling the `session.connect` function. It is also possible for remote attackers to obtain the session cookie key value via a direct request to "examples/simple examples/status", which can be leveraged to execute arbitrary code. **Recommendations** For versions prior to 2.14.2, update to version 2.14.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the `session.connect` function and the examples/simple examples/status endpoint until a patch is available. Avoid using hardcoded encryption keys in the sample web application.

**Name of the Vulnerable Software and Affected Versions** Sandstorm versions prior to 0.203 **Description** A remote attacker could bypass the organization restriction by using a comma in an `email-address` field. **Recommendations** For versions prior to 0.203, update to version 0.203 or later to resolve the issue. As a temporary workaround, consider restricting the use of commas in `email-address` fields to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Sandstorm before build 0.203 **Description** The issue allows remote attackers to read any specified file under /etc or /run via the sandbox backup function. This is due to the `findFilesToZip` function not filtering Line Feed (` `) characters in a directory name. **Recommendations** For Sandstorm before build 0.203, update to build 0.203 or later to resolve the issue. As a temporary workaround, consider restricting access to the sandbox backup function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Sandstorm versions prior to build 0.203 **Description** A Server Side Request Forgery issue exists in the install app process. A remote attacker may exploit this by providing a URL, potentially bypassing access control such as firewalls that prevent direct access to the URLs. **Recommendations** For versions prior to build 0.203, update to build 0.203 or later to resolve the issue. As a temporary workaround, consider restricting access to the install app process to minimize the risk of exploitation.