Ubercomp

**Name of the Vulnerable Software and Affected Versions** Collabora Online - Built-in CODE Server (richdocumentscode) versions prior to 23.5.602 **Description** The issue is related to the Collabora Online - Built-in CODE Server (richdocumentscode) running without chroot sandboxing, making it susceptible to attacks via modified client->server commands. This can allow overwriting files outside the subdirectory provided for the transient session, with access limited to files the server process can access. The bug was fixed in release 23.5.602. **Recommendations** For versions prior to 23.5.602, upgrade to release 23.5.602 or later to resolve the issue. There are no known workarounds for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** workerd versions prior to v1.20230419.0 **Description** The FormData API implementation in workerd was subject to an integer overflow. If a FormData instance contained more than 2^31 elements, the `forEach()` method could end up reading from the wrong location in memory while iterating over elements, potentially leading to a segmentation fault or arbitrary undefined behavior. To be exploitable, the process would need to allocate 160GB of RAM, and an attacker would have to upload a single form-encoded HTTP request of at least tens of gigabytes in size. The application code would then have to use `request.formData()` to parse the request and `formData.forEach()` to iterate over this data. Due to these limitations, the exploitation likelihood was considered Low. **Recommendations** For versions prior to v1.20230419.0, update to version v1.20230419.0 or later to address the vulnerability. As a temporary workaround, consider restricting the use of the `forEach()` method on large FormData instances to minimize the risk of exploitation. Avoid using `request.formData()` to parse large form-encoded HTTP requests until the issue is resolved. Restrict access to deployments of workerd running on machines with a huge amount of memory to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ruby-openid versions prior to 2.2.2 **Description** The issue allows remote OpenID providers to cause a denial of service, specifically CPU consumption, through two methods: (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack. XEE attack refers to a type of attack that exploits the use of external entities in XML documents to cause a denial of service. **Recommendations** For versions prior to 2.2.2, update to version 2.2.2 or later to resolve the issue. As a temporary workaround, consider restricting the size of XRDS documents and disabling XML Entity Expansion to minimize the risk of exploitation.