There is a possible information disclosure / unintended method execution vulnerability in Action Pack when using the `redirect_to` or `polymorphic_url` helper with untrusted user input.

There is a possible DoS vulnerability in the Token Authentication logic in Action Controller. Impacted code uses `authenticate_or_request_with_http_token` or `authenticate_with_http_token` for request authentication.

There is a possible Denial of Service vulnerability in Action Dispatch. Carefully crafted `Accept` headers can cause the mime type parser in Action Dispatch to do catastrophic backtracking in the regular expression engine.

The `origin` parameter passed to some of the endpoints like `/trigger` is vulnerable to XSS. This is the same issue as CVE-2020-13944 and CVE-2020-17515 but the implemented fix did not fix the issue completely.

CKEditor 5 provides a WYSIWYG editing solution. A regular expression denial of service (ReDoS) vulnerability has been discovered in multiple CKEditor 5 packages. The vulnerability allowed to abuse particular regular expressions, which could cause a significant performance drop resulting in a browser tab freeze.

CKEditor 5 provides a WYSIWYG editing solution. A regular expression denial of service (ReDoS) vulnerability has been discovered in multiple CKEditor 5 packages. The vulnerability allowed to abuse particular regular expressions, which could cause a significant performance drop resulting in a browser tab freeze.

CKEditor 5 provides a WYSIWYG editing solution. A regular expression denial of service (ReDoS) vulnerability has been discovered in multiple CKEditor 5 packages. The vulnerability allowed to abuse particular regular expressions, which could cause a significant performance drop resulting in a browser tab freeze.

CKEditor 5 provides a WYSIWYG editing solution. A regular expression denial of service (ReDoS) vulnerability has been discovered in multiple CKEditor 5 packages. The vulnerability allowed to abuse particular regular expressions, which could cause a significant performance drop resulting in a browser tab freeze.

CKEditor 5 provides a WYSIWYG editing solution. A regular expression denial of service (ReDoS) vulnerability has been discovered in multiple CKEditor 5 packages. The vulnerability allowed to abuse particular regular expressions, which could cause a significant performance drop resulting in a browser tab freeze.

CKEditor 5 provides a WYSIWYG editing solution. A regular expression denial of service (ReDoS) vulnerability has been discovered in multiple CKEditor 5 packages. The vulnerability allowed to abuse particular regular expressions, which could cause a significant performance drop resulting in a browser tab freeze.

This is similar to CVE-2021-22881. Specially crafted `Host` headers in combination with certain `allowed host` formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website.

CKEditor 5 provides a WYSIWYG editing solution. A regular expression denial of service (ReDoS) vulnerability has been discovered in multiple CKEditor 5 packages. The vulnerability allowed to abuse particular regular expressions, which could cause a significant performance drop resulting in a browser tab freeze.

CKEditor 5 provides a WYSIWYG editing solution. A regular expression denial of service (ReDoS) vulnerability has been discovered in multiple CKEditor 5 packages. The vulnerability allowed to abuse particular regular expressions, which could cause a significant performance drop resulting in a browser tab freeze.

An attacker can add or alter properties of an object via `__proto__` through the `mutate()` and `merge()` functions. The polluted attribute will be directly assigned to every object in the program. This will put the availability of the program at risk causing a potential denial of service (DoS).

Insecure configuration of default ObjectMapper in `com.vaadin:flow-server` may expose sensitive data if the application also uses `@RestController`

Unsafe validation RegEx in `EmailValidator` class in `com.vaadin:vaadin-server` allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses.

Improper URL validation in development mode handler in `com.vaadin:flow-server` allows attacker to request arbitrary files stored outside of intended frontend resources folder.

A non-constant-time comparison of CSRF tokens in UIDL request handler in `com.vaadin:flow-server` allows attacker to guess a security token via timing attack.

A non-constant-time comparison of CSRF tokens in UIDL request handler in `com.vaadin:vaadin-server` allows attacker to guess a security token via timing attack.

OpenAPI Generator allows generation of API client libraries, server stubs, documentation and configuration automatically given an OpenAPI Spec. Using `File.createTempFile` in JDK will result in creating and using insecure temporary files that can leave application and system data vulnerable to attacks. OpenAPI Generator maven plug-in creates insecure temporary files during the process.

Unsafe validation RegEx in the `EmailField` component of `com.vaadin:vaadin-text-field-flow` allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses.

A vulnerability in OSGi integration in `com.vaadin:flow-server` allows attacker to access application classes and resources on the server via crafted HTTP request.

A Prototype pollution vulnerability in safe-flat allows an attacker to cause a denial of service and may lead to remote code execution.

Insecure configuration of default `ObjectMapper` in `com.vaadin:flow-server` may expose sensitive data if the application also uses `@RestController`

A non-constant-time comparison of CSRF tokens in UIDL request handler in `com.vaadin:flow-server` allows attackers to guess a security token via a timing attack.

Improper URL validation in development mode handler in `com.vaadin:flow-server` allows attacker to request arbitrary files stored outside of intended frontend resources folder.

Unsafe validation RegEx in `EmailField` component of `com.vaadin:vaadin-text-field-flow` allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses.

The `Authentication.logout()` helper in `com.vaadin:flow-client` uses an incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the user attempted to log out.

A vulnerability in the OSGi integration in `com.vaadin:flow-server` allows attackers to access application classes and resources on the server via crafted HTTP request.

Apache Superset allows for the creation of an external URL that could be malicious. By not checking user input for open redirects the URL shortener functionality would allow for a malicious user to create a short URL for a dashboard that could convince the user to click the link.

Apache Superset allowed for the creation of an external URL that could be malicious. By not checking user input for open redirects the URL shortener functionality would allow for a malicious user to create a short URL for a dashboard that could convince the user to click the link.

A non-constant-time comparison of CSRF tokens in endpoint request handler in `com.vaadin:flow-server`, and `com.vaadin:fusion-endpoint` allows attacker to guess a security token for Fusion endpoints via timing attack.

PHPMailer allows object injection through `Phar` deserialization via the `addAttachment` with a UNC pathname.

A cross-site scripting vulnerability exists in Drupal Core. Drupal AJAX API does not disable JSONP by default, allowing for an XSS attack.

A cross-site scripting vulnerability exists in Drupal Core. Drupal AJAX API does not disable JSONP by default, allowing for an XSS attack.

Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos, the `ConfigOpsController` lets the user perform management operations like querying the database or even wiping it out. While the `/data/remove` endpoint is properly protected with the `@Secured` annotation, the `/derby` endpoint is not protected and can be openly accessed by unauthenticated users. These endpoints are only valid when using embedded storage (derby DB) so this issue should not affect those installations using external storage (e.g. mysql).

Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos, when configured to use authentication `-Dnacos.core.auth.enabled=true` it uses the `AuthFilter` servlet filter to enforce authentication. This filter has a backdoor that enables Nacos servers to bypass this filter and therefore skip authentication checks. This mechanism relies on the user-agent HTTP header so it can be easily spoofed. This issue may allow any user to carry out any administrative tasks on the Nacos server.

xz is a compression and decompression library focusing on the xz format completely written in Go. The function `readUvarint` used to read the xz container format may not terminate a loop provide malicous input. As a workaround, users can limit the size of the compressed file input to a reasonable size for their use case. The standard library recently had the same issue described in CVE-2020-16845.

A non-constant-time comparison of CSRF tokens in endpoint request handler in `com.vaadin:flow-server`, and `com.vaadin:fusion-endpoint` allows an attacker to guess a security token for Fusion endpoints via timing attack.

`Authentication.logout()` helper in `com.vaadin:flow-client` uses incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the user attempted to log out.

Insecure configuration of default ObjectMapper in `com.vaadin:flow-server` may expose sensitive data if the application also uses e.g. `@RestController`

Information Exposure vulnerability in context asset handling of Apache Tapestry allows an attacker to download files inside WEB-INF if using a specially-constructed URL. This was caused by an incomplete fix for CVE-2020-13953.

Non-constant-time comparison of CSRF tokens in UIDL request handler in `com.vaadin:flow-server` allows attacker to guess a security token via timing attack.

Non-constant-time comparison of CSRF tokens in UIDL request handler in `com.vaadin:vaadin-server` allows attacker to guess a security token via timing attack

Improper URL validation in development mode handler in `com.vaadin:flow-server` allows attacker to request arbitrary files stored outside of intended frontend resources folder.

Vulnerability in OSGi integration in `com.vaadin:flow-server` allows attacker to access application classes and resources on the server via crafted HTTP request.

Non-constant-time comparison of CSRF tokens in endpoint request handler in `com.vaadin:flow-server` allows attacker to guess a security token for Fusion endpoints via timing attack.

Unsafe validation RegEx in `EmailValidator` class in com.vaadin:vaadin-server allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses.

Unsafe validation RegEx in EmailField component in `com.vaadin:vaadin-text-field-flow` allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses.

An issue was discovered in Centreon-Web in Centreon Platform The anti-CSRF token generation is predictable, which might allow CSRF attacks that add an admin user.

The package browserslist from are vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries.

In Gradle there is a vulnerability which can lead to information disclosure and/or dependency poisoning.

systeminformation is an open source system and OS information library for node.Please upgrade to If you cannot upgrade, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() and other commands. Only allow strings, reject any arrays. String sanitation works as expected.

sopel-channelmgnt is a channelmgnt plugin for sopel.

In SaltStack Salt, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff function (which executes popen unsafely).

`Authentication.logout()` uses incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the user attempted to log out.

An issue was discovered in Jansson Due to a parsing error in `json_loads`, there's an out-of-bounds read-access bug.

The package postcss are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`.

Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository.

When a client is in monitoring mode, the regex begin used to detected monitor messages could cause exponential backtracking on some strings. This issue could lead to a denial of service. The issue is patched

pgsync Syncing the schema with the `--schema-first` and `--schema-only` options is mishandled. For example, the sslmode connection parameter may be lost, which means that SSL would not be used.

A flaw was found in the Ansible Engine, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.

jose is an npm library providing a number of cryptographic operations.

Prototype pollution vulnerability in `safe-obj` allows an attacker to cause a denial of service and may lead to remote code execution.

This affects all versions of package portkiller. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process `exec` function without input sanitization.

Non-constant-time comparison of CSRF tokens in endpoint request handler allows attacker to guess a security token for Fusion endpoints via timing attack.

Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:flow-server (Vaad ) (Vaad ) (Vaad ) (Vaad ) (Vaad ) allows attacker to guess a security token via timing attack.

This affects all versions of package ffmpegdotjs. If attacker-controlled user input is given to the trimvideo function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process `exec` function without input sanitization.

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-bbq allows a malicious user to inject properties into `Object.prototype`.

The package underscore from , from are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is not sanitized.

The xmlhttprequest-ssl package for Node.js disables SSL certificate validation by default, because `rejectUnauthorized` (when the property exists but is undefined) is considered to be false within the `https.request` function of Node.js. In other words, no certificate is ever rejected.

The package postcss from are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in backbone-query-parameters allows a malicious user to inject properties into Object.prototype.

jose-node-esm-runtime is an npm package which provides a number of cryptographic functions.

jose-browser-runtime is an npm package which provides a number of cryptographic functions.

jose-node-cjs-runtime is an npm package which provides a number of cryptographic functions.

This affects all versions of package psnode. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process `exec` function without input sanitization.

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in purl allows a malicious user to inject properties into `Object.prototype`.

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in mootools-more allows a malicious user to inject properties into `Object.prototype`.

An issue was discovered in giflib DumpScreen2RGB in `gif2rgb.c` has a heap-based buffer over-read.

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-deparam allows a malicious user to inject properties into `Object.prototype`.

This affects all versions of package ps-visitor. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process `exec` function without input sanitization.