Simon Gerst

**Name of the Vulnerable Software and Affected Versions** Eclipse JGit versions 7.2.0.202503040940-r and older **Description** The ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol are vulnerable to XML External Entity (XXE) attacks when parsing XML files. This can lead to information disclosure, denial of service, and other security issues. **Recommendations** For Eclipse JGit versions 7.2.0.202503040940-r and older, consider disabling the `ManifestParser` class and the `AmazonS3` class until a patch is available. Restrict access to the experimental amazons3 git transport protocol to minimize the risk of exploitation. Avoid using the affected classes for parsing XML files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 128.0.6613.84 **Description** The issue is related to an inappropriate implementation in V8, which can allow a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. This can be exploited to execute arbitrary code. The vulnerability is associated with a buffer overflow in memory due to incorrect representation of the shift amount in 64-bit BigInt shift optimizations. **Recommendations** For Google Chrome versions prior to 128.0.6613.84, update to version 128.0.6613.84 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable HTML pages until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Apache Gobblin versions <= 0.15.0 **Description** The issue is related to Apache Gobblin trusting all certificates used for LDAP connections in Gobblin-as-a-Service. This allows for potential security risks. **Recommendations** For Apache Gobblin versions <= 0.15.0, update to version 0.16.0 to address the issue.

**Name of the Vulnerable Software and Affected Versions** Zammad versions prior to 4.1.1 **Description** An issue in the Chat functionality allows XSS due to mishandled clipboard data. **Recommendations** For versions prior to 4.1.1, update to version 4.1.1 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Apache Fineract versions prior to 1.5.0 Description: The issue allows for a man-in-the-middle attack due to the disabling of HTTPS hostname verification in the `configureClient` method of `ProcessorHelper`. This could be successful under typical deployments. Recommendations: For versions prior to 1.5.0, update to version 1.5.0 or later to enable HTTPS hostname verification and prevent man-in-the-middle attacks.

Name of the Vulnerable Software and Affected Versions: Apache Calcite versions prior to 1.26 Description: The issue is related to the `HttpUtils#getURLConnection` method, which disables hostname verification for HTTPS connections, making clients vulnerable to man-in-the-middle attacks. This method is used internally by Apache Calcite to connect with Druid and Splunk, potentially leading to information leakage when using the respective Calcite adapters. The method's location in a utility class means it can be used to create vulnerable HTTPS connections for other applications. Recommendations: For Apache Calcite versions prior to 1.26, update to version 1.26 or later, where hostname verification will be performed using the default JVM truststore. As a temporary workaround, consider disabling the use of the `HttpUtils#getURLConnection` method until a patch is available. Restrict access to the vulnerable Calcite adapters for Druid and Splunk to minimize the risk of exploitation. Avoid using the vulnerable method to create HTTPS connections for other applications until the issue is resolved.