Xzzz111

**Name of the Vulnerable Software and Affected Versions** Turms IM Server versions prior to 0.10.0-SNAPSHOT **Description** The software contains a flaw in access control related to querying user online status. An authenticated user can access online status, device information, and login timestamps of any user without authorization. The `handleQueryUserOnlineStatusesRequest()` method within the `UserServiceController.java` file is affected. **Recommendations** Update to a version newer than 0.10.0-SNAPSHOT.

**Name of the Vulnerable Software and Affected Versions** Turms AI-Serving module versions prior to 0.10.0-SNAPSHOT **Description** The software has an issue with how it handles file uploads in the OCR image upload functionality. The system does not properly check the actual content of uploaded files, relying only on the file extension and Content-Type header provided by the client. This allows an attacker to upload malicious files, such as executables or scripts, disguised as images by setting the Content-Type header to "image/*". The `OcrController` class, specifically in the file `turms-ai-serving/src/main/java/im/turms/ai/domain/ocr/controller/OcrController.java`, uses the `@FormData(contentType = MediaTypeConst.IMAGE)` annotation, which is insufficient for proper validation. This bypass could lead to server-side code execution, stored cross-site scripting (XSS), or information disclosure, depending on how the uploaded files are handled. **Recommendations** Versions prior to 0.10.0-SNAPSHOT should be updated.

**Name of the Vulnerable Software and Affected Versions** Turms AI-Serving module versions prior to v0.10.0 **Description** The software contains an image decompression bomb denial of service issue. The `ExtendedOpenCVImage` class in `ai/djl/opencv/ExtendedOpenCVImage.java` uses OpenCV’s `imread()` function to load images without validating dimensions or pixel count before decompression. A crafted compressed image file (e.g., PNG) can expand to gigabytes of memory when loaded, causing memory exhaustion, an OutOfMemoryError, and service crash. No authentication is required if the OCR service is publicly accessible. **Recommendations** Versions prior to v0.10.0 should be updated.

**Name of the Vulnerable Software and Affected Versions** Turms versions through 0.10.0-SNAPSHOT **Description** A Cross Site Request Forgery (CSRF) issue exists in the Turms Admin API. Successful exploitation could allow attackers to gain escalated privileges. The API endpoints and vulnerable parameters are not specified. The function names are not specified. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Turms Server versions prior to 0.10.0-SNAPSHOT **Description** The software stores administrator passwords in plaintext within memory, specifically in the `rawPassword` field of `AdminInfo` objects, to improve authentication speed. This bypasses the bcrypt protection normally used. An attacker with local system access could obtain these passwords through methods like memory dumps or heap analysis. **Recommendations** Update to a version newer than 0.10.0-SNAPSHOT.

**Name of the Vulnerable Software and Affected Versions** Takes versions through 2.0-SNAPSHOT **Description** The Takes web framework’s TkFiles component does not properly sanitize HTTP request paths before using them to access the filesystem. This allows a remote attacker to use "../" sequences within the request path to bypass the intended base directory and potentially read arbitrary files from the system. The `TkFiles` take is the affected component. **Recommendations** Update to a version beyond 2.0-SNAPSHOT.