Thesmartshadow

**Name of the Vulnerable Software and Affected Versions** PyJWT versions 2.8.0 through 2.12.1 **Description** When verifying detached JWS tokens using the unencoded-payload option (`"b64": false`, RFC 7797), the software performs Base64URL decoding of the compact-serialization payload segment before enforcing detached-payload rules. Because the decoded payload is later discarded and replaced with the caller-provided `detached payload`, the middle segment can be used as a work amplifier. A remote client can provide an arbitrarily large Base64URL payload segment, forcing excessive CPU work and memory allocations regardless of whether the signature is valid. This results in an unauthenticated Denial of Service (DoS) against any endpoint verifying detached JWS. **Recommendations** Update to version 2.13.0.

**Name of the Vulnerable Software and Affected Versions** systeminformation versions 4.17.0 through 5.31.5 **Description** On Linux, the library is subject to command injection within the `networkInterfaces()` function. This occurs when an active NetworkManager connection profile name contains shell metacharacters. The vulnerable value is retrieved internally from the output of the `nmcli device status` command. While the library sanitizes network interface names, it fails to apply the same sanitization to the parsed `connectionName` variable. This unsanitized variable is subsequently interpolated into three shell command strings executed via `execSync()`, allowing an attacker who can create or rename a NetworkManager connection profile to execute arbitrary shell commands with the privileges of the Node.js process. **Recommendations** Update to version 5.31.6. As a temporary workaround, restrict the ability of users to create or rename NetworkManager connection profiles on affected Linux systems.

**Name of the Vulnerable Software and Affected Versions** jq versions 1.8.1 and earlier **Description** jq accepts embedded NUL bytes in import paths at the jq-language level, but subsequently resolves those paths using C string operations during module and data-file lookup. This results in a mismatch between the logical import string validated by policy or audit code and the actual on-disk path that the software opens. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CoreDNS versions prior to 1.14.3 **Description** CoreDNS is a DNS server that chains plugins. A denial-of-service issue exists in the DNS-over-HTTPS (DoH) GET path because it lacks early size validation for requests. A remote, unauthenticated attacker can send oversized requests to the '/dns-query' endpoint using the `dns` query parameter. The server performs expensive operations—including URL query parsing, base64 decoding via the `base64ToMsg()` function, and DNS message unpacking—before rejecting the request with a 400 Bad Request error. This process forces high CPU usage, large transient memory allocations, and elevated garbage-collection pressure, which can lead to degraded throughput and responsiveness or a complete denial of service, particularly on memory-constrained deployments. **Recommendations** Update to version 1.14.3. As a temporary workaround, restrict access to the '/dns-query' endpoint or implement a web application firewall (WAF) to limit the size of GET request targets and the `dns` parameter.

Name of the Vulnerable Software and Affected Versions RustFS versions prior to alpha.90 Description RustFS, a distributed object storage system built in Rust, had a missing authorization check in the multipart copy path (`UploadPartCopy`) before version alpha.90. This allowed a low-privileged user, lacking read access to objects in a victim bucket, to exfiltrate those objects by copying them into a multipart upload they control and then completing the upload. This compromised tenant isolation in multi-user or multi-tenant deployments. Recommendations Update to version alpha.90 or later.

**Name of the Vulnerable Software and Affected Versions** xmldom versions 0.6.0 and prior, and @xmldom/xmldom prior to versions 0.8.12 and 0.9.9 **Description** The `xmldom` library contains a flaw where attacker-controlled strings including the CDATA terminator `]]>` can be inserted into a `CDATASection` node. During serialization, the `XMLSerializer` emits the CDATA content without rejecting or safely splitting the terminator. This allows data intended as text to become active XML markup in the serialized output, enabling XML structure injection and potential manipulation of downstream business logic. The issue affects `Document.createCDATASection(data)`, `CharacterData.appendData()`, `CharacterData.replaceData()`, `CharacterData.insertData()`, and direct assignment to `.data` or `.textContent`. Parsing XML containing a CDATA section is not affected. Exploitation can lead to integrity violations of generated XML documents and potential business-logic injection in downstream consumers. **Recommendations** Update to xmldom version 0.6.0 or later. Update @xmldom/xmldom to version 0.8.12 or 0.9.9 or later.

**Name of the Vulnerable Software and Affected Versions** Zen C versions prior to 0.4.4 **Description** A stack-based buffer overflow exists in the Zen C compiler. This issue is due to a flaw in identifier mangling. By supplying a specially crafted Zen C source file (`.zc`) containing excessively long struct, function, or trait identifiers, an attacker can cause a compiler crash or potentially execute arbitrary code. The vulnerability affects the processing of identifiers within the compiler. **Recommendations** Update to Zen C version 0.4.4 or later.

**Name of the Vulnerable Software and Affected Versions** pyLoad versions prior to 0.5.0b3.dev97 **Description** pyLoad, a free and open-source download manager written in Python, is affected by a path traversal issue. This occurs during password verification of specific encrypted 7z archives – those encrypted with non-encrypted headers. The issue allows for arbitrary file deletion outside of the intended extraction directory. The software derives an archive entry name from 7z listing output and incorrectly treats it as a filesystem path without restricting it to the extraction directory. **Recommendations** Update to version 0.5.0b3.dev97 or later.

**Name of the Vulnerable Software and Affected Versions** cpp-httplib versions prior to 0.35.0 **Description** cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Before version 0.35.0, the library does not enforce the payload size limit configured via `Server::set payload max length()` on decompressed request bodies when using `HandlerWithContentReader` with `Content-Encoding: gzip` or other supported encodings. A small compressed payload can expand beyond the configured limit, potentially leading to a denial of service through CPU or memory exhaustion. **Recommendations** Update to version 0.35.0 or later.

**Name of the Vulnerable Software and Affected Versions** Rack versions prior to 2.2.22 Rack versions prior to 3.1.20 Rack versions prior to 3.2.5 **Description** Rack’s `Rack::Directory` component generates HTML directory indexes with clickable links for each file entry. If a file exists with a basename starting with the `javascript:` scheme (for example, `javascript:alert(1)`), the generated index includes an anchor with an `href` attribute set to that scheme. Clicking this link executes JavaScript in the browser. This results in a client-side cross-site scripting (XSS) condition in directory listings generated by `Rack::Directory`. The issue occurs because the file basename is directly inserted into the `href` attribute without validation or normalization. The vulnerable component is `Rack::Directory`. **Recommendations** Update to Rack version 2.2.22 or later. Update to Rack version 3.1.20 or later. Update to Rack version 3.2.5 or later. Avoid exposing user-controlled directories via `Rack::Directory`. Apply a strict Content Security Policy (CSP) to reduce the impact of potential client-side execution issues. Restrict or sanitize uploaded filenames to disallow dangerous URI scheme prefixes.

**Name of the Vulnerable Software and Affected Versions** @digitalocean/do-markdownit versions through 1.16.1 **Description** The `callout` and `fence environment` plugins in the @digitalocean/do-markdownit package perform `.includes` substring matching if `allowedClasses` or `allowedEnvironments` is a string instead of an array. **Recommendations** @digitalocean/do-markdownit versions prior to 1.16.1 At the moment, there is no information about a newer version that contains a fix for this vulnerability.