V1Ktor0T

**Name of the Vulnerable Software and Affected Versions:** pREST versions prior to 2.0.0-rc3 **Description:** pREST (PostgreSQL REST) is an API that delivers an application on top of a Postgres database. Multiple SQL injection flaws exist due to insufficient input validation when constructing SQL queries. These vulnerabilities allow attackers to read sensitive files, steal credentials, and manipulate databases. Specifically, issues arise from string concatenation operations using unvalidated user input, improper handling of identifiers, and vulnerabilities in `tsquery` predicates and script templates. The `chkInvalidIdentifier` function's validation logic is also flawed, enabling injection attacks. Exploitation can lead to unauthorized access and modification of data, and potentially access to files on the underlying file system or execution of arbitrary commands. **Recommendations:** For versions prior to 2.0.0-rc3: - Prevent all string concatenation operations that use unvalidated or unsanitized user input. - Ensure that database identifiers (e.g., database and table names) only contain alphanumeric characters, dashes (`-`), and underscores (` `). - Remove the double-quote from the list of allowed characters during validation. - Update how query scripts are created and processed, recommending parametrized queries. - As a temporary workaround, consider disabling the vulnerable API endpoints until a patch is available. - Restrict access to the vulnerable modules to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Twisted versions prior to 24.7.0rc1 **Description** The `twisted.web.util.redirectTo` function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL, this vulnerability may result in Reflected Cross-Site Scripting (XSS) in the redirect response HTML body. The function reflects the destination URL in the HTML body without any output encoding, allowing an attacker to inject arbitrary HTML into the response's body, ultimately leading to an XSS attack. This issue can be exploited in Firefox, allowing malicious JavaScript to run in the context of the victim's session, leading to unauthorized access or modification of the victim's account and information. **Recommendations** For Twisted versions prior to 24.7.0rc1, update to version 24.7.0rc1 or later to fix the vulnerability. As a temporary workaround, consider restricting the use of the `redirectTo` function to minimize the risk of exploitation. Avoid using the `redirectTo` function with untrusted or user-controlled URLs until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SvelteKit versions prior to 1.15.1 **Description** The SvelteKit framework provides out-of-the-box cross-site request forgery (CSRF) protection. However, prior to version 1.15.1, this protection can be bypassed by specifying a different `Content-Type` header value, such as `text/plain`. This allows malicious requests to be submitted from third-party domains, potentially leading to execution of operations within the context of the victim's session and unauthorized access to users' accounts. **Recommendations** For SvelteKit versions prior to 1.15.1, update to version 1.15.1 or later to resolve the issue. As a temporary workaround, consider restricting access to API endpoints that handle sensitive operations until the update is applied. Additionally, users who have implemented a `? method=` override feature in their `handle` hook should ensure that their implementation properly validates and handles requests with `PUT`, `PATCH`, and `DELETE` methods.