Zeyu2001

**Name of the Vulnerable Software and Affected Versions** AsmBB version 2.9.1 **Description** The issue is related to multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities were found in the MiniMag.asm and bbcode.asm libraries. **Recommendations** For AsmBB version 2.9.1, consider disabling the MiniMag.asm and bbcode.asm libraries until a patch is available. Restrict access to these libraries to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Node.js versions prior to 14.20.1 Node.js versions prior to 16.17.1 Node.js versions prior to 18.9.1 **Description** The issue arises from the llhttp parser in the http module of Node.js not correctly handling multi-line Transfer-Encoding headers, leading to HTTP Request Smuggling (HRS). **Recommendations** For versions prior to 14.20.1, update to version 14.20.1 or later. For versions prior to 16.17.1, update to version 16.17.1 or later. For versions prior to 18.9.1, update to version 18.9.1 or later.

**Name of the Vulnerable Software and Affected Versions** Node.js versions prior to 14.20.1 Node.js versions prior to 16.17.1 Node.js versions prior to 18.9.1 **Description** The issue arises from the llhttp parser in the http module in Node.js, which does not correctly parse and validate Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS). All versions of the nodejs 18.x, 16.x, and 14.x release lines are impacted. **Recommendations** For Node.js versions prior to 14.20.1, update to version 14.20.1 or later. For Node.js versions prior to 16.17.1, update to version 16.17.1 or later. For Node.js versions prior to 18.9.1, update to version 18.9.1 or later. As a temporary workaround, consider restricting access to the `http` module until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Node.js versions prior to 14.20.1 Node.js versions prior to 16.17.1 Node.js versions prior to 18.9.1 **Description** The issue is related to the llhttp parser in the http module in Node.js, which does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS), allowing a remote attacker to perform an attack. The LF character (without CR) is sufficient to delimit HTTP header fields in the llhttp parser, which contradicts RFC7230 section 3 that states only the CRLF sequence should delimit each header-field. **Recommendations** For versions prior to 14.20.1, update to version 14.20.1 or later. For versions prior to 16.17.1, update to version 16.17.1 or later. For versions prior to 18.9.1, update to version 18.9.1 or later.

**Name of the Vulnerable Software and Affected Versions** Node.js versions prior to 14.20.0 Node.js versions prior to 16.20.0 Node.js versions prior to 18.5.0 **Description** A OS Command Injection vulnerability exists in Node.js due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests, allowing rebinding attacks. The vulnerability is related to the IsIPAddress function, which lacks input validation measures. This allows a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. **Recommendations** For versions prior to 14.20.0, update to version 14.20.0 or later. For versions prior to 16.20.0, update to version 16.20.0 or later. For versions prior to 18.5.0, update to version 18.5.0 or later.

**Name of the Vulnerable Software and Affected Versions** medialize/uri.js versions prior to 1.19.11 **Description** The issue is related to CRHTLF, which can lead to invalid protocol extraction, potentially resulting in XSS. Specifically, characters such as `r`, ` `, and `t` in user-input URLs can cause incorrect protocol extraction when using the npm package urijs. This can be exploited to bypass security measures intended to prevent malicious javascript links from being passed into HTML or JavaScript. For example, an attacker could use a URL like `"jar vascript:alert(1)"` to execute malicious JavaScript code. **Recommendations** For versions prior to 1.19.11, update to version 1.19.11 or later to resolve the issue. As a temporary workaround, consider validating and sanitizing user-input URLs to prevent malicious characters from being injected. Additionally, restrict the use of the `urijs` module to trusted input only, until the update can be applied.

**Name of the Vulnerable Software and Affected Versions** medialize/uri.js versions prior to 1.19.11 **Description** The issue arises when parsing a URL without a scheme and with excessive slashes, like ///www.example.com. Unlike browsers, which parse such URLs as http://www.example.com, the affected software parses the hostname as null and the path as /www.example.com. This discrepancy can lead to unexpected behavior, such as redirects to http://www.example.com. **Recommendations** For versions prior to 1.19.11, update to version 1.19.11 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** mitmproxy versions 7.0.4 and below **Description** A malicious client or server can perform HTTP request smuggling attacks through mitmproxy. This means a malicious client/server could smuggle a request/response through mitmproxy as part of another request/response's HTTP message body. While mitmproxy would only see one request, the target server would see multiple requests. A smuggled request is still captured as part of another request's body, but it does not appear in the request list and does not go through the usual mitmproxy event hooks, where users may have implemented custom access control checks or input sanitization. **Recommendations** For mitmproxy versions 7.0.4 and below, update to mitmproxy 8.0.0 or above to fix the vulnerability. Unless mitmproxy is used to protect an HTTP/1 service, no action is required.

**Name of the Vulnerable Software and Affected Versions** Waitress versions 2.1.0 and prior **Description** The issue is related to the handling of HTTP requests in Waitress, a Web Server Gateway Interface server for Python 2 and 3. When used behind a proxy that does not properly validate incoming HTTP requests according to the RFC7230 standard, Waitress and the frontend proxy may disagree on where one request starts and ends. This can allow requests to be smuggled via the front-end proxy to Waitress, potentially leading to data integrity issues. Two classes of vulnerability contribute to this issue: the use of Python's `int()` to parse strings into integers, which can lead to incorrect parsing (e.g., `+10` being parsed as `10`, or `0x01` as `1`), and Waitress's handling of chunk extensions, where it discards them without validating for illegal characters. **Recommendations** For versions 2.1.0 and prior, upgrade to Waitress 2.1.1 to patch the vulnerability. As a temporary workaround, when deploying a proxy in front of Waitress, turn on all functionality to ensure the request matches the RFC7230 standard. However, certain proxy servers may not have this functionality, so upgrading to the latest version of Waitress is recommended.