Startr4Ck

Name of the Vulnerable Software and Affected Versions: weibocom rill-flow version 0.1.18 Description: A critical issue has been found, affecting an unknown function of the Management Console component. This issue leads to code injection and can be exploited remotely. The exploit has been disclosed publicly. Recommendations: For weibocom rill-flow version 0.1.18, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Tornado versions prior to 6.5.0 Description: The issue allows remote attackers to generate a high volume of logs, constituting a denial-of-service (DoS) attack, by exploiting Tornado's ``multipart/form-data`` parser when it encounters certain errors. The logging subsystem being synchronous compounds this DoS. The vulnerable parser is enabled by default. Recommendations: For versions prior to 6.5.0, upgrade to Tornado version 6.5.0 to receive a patch. As a temporary workaround, consider blocking `Content-Type: multipart/form-data` in a proxy to mitigate the risk.

**Name of the Vulnerable Software and Affected Versions** Tencent Music Entertainment SuperSonic versions up to 0.9.8 **Description** A critical issue affects some unknown functionality of the file "/api/semantic/database/testConnect" of the component H2 Database Connection Handler, leading to code injection. The attack may be launched remotely. **Recommendations** For versions up to 0.9.8, as a temporary workaround, consider restricting access to the "/api/semantic/database/testConnect" endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** aizuda snail-job version 1.4.0 **Description** A critical vulnerability was found in the function `getRuntime` of the file `/snail-job/workflow/check-node-expression` of the component Workflow-Task Management Module. The manipulation of the argument `nodeExpression` leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For aizuda snail-job version 1.4.0, as a temporary workaround, consider disabling the `getRuntime` function until a patch is available. Restrict access to the `/snail-job/workflow/check-node-expression` file to minimize the risk of exploitation. Avoid using the argument `nodeExpression` in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPT Academic versions 3.91 and earlier **Description** The issue arises from the improper handling of soft links in GPT Academic. An attacker can exploit this by creating a malicious soft link file, packaging it into a tar.gz file, and uploading it to the server. When the file is decompressed and accessed, the soft link points to a target file on the victim server, allowing attackers to read all files on the server. **Recommendations** For versions 3.91 and earlier, update to a version that properly accounts for soft links to resolve the issue. As a temporary workaround, consider restricting access to the file upload feature to minimize the risk of exploitation. Avoid using the file upload feature with untrusted sources until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: python-multipart versions prior to 0.0.18 Description: The issue arises when parsing form data, as python-multipart skips line breaks in front of the first boundary and any tailing bytes after the last boundary, one byte at a time, emitting a log event each time. This can cause excessive logging for certain inputs. An attacker could exploit this by sending a malicious request with lots of data before the first or after the last boundary, causing high CPU load and stalling the processing thread. In the case of an ASGI application, this could stall the event loop and prevent other requests from being processed, resulting in a denial of service. Recommendations: For python-multipart versions prior to 0.0.18, update to version 0.0.18 to resolve the issue. As a temporary workaround, consider restricting the amount of data that can be sent before the first or after the last boundary to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** chidiwilliams buzz version 1.1.0 **Description** A problematic vulnerability was found in the `download model` function of the `buzz/model loader.py` file. This issue leads to an insecure temporary file and can be exploited locally, with a high complexity of attack and difficult exploitation. The exploit has been publicly disclosed, and the vendor was contacted but did not respond. **Recommendations** For version 1.1.0, as a temporary workaround, consider disabling the `download model` function until a patch is available. Restrict access to the `buzz/model loader.py` file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.