ghsa

A command injection vulnerability affects all versions of package npos-tesseract. The injection point is located in line 55 in lib/ocr.js.

### Impact `next-auth` users who are using the `EmailProvider` either in versions before `4.10.3` or `3.29.10` are affected. If an attacker could forge a request that sent a comma-separated list of emails (eg.: `[email protected],[email protected]`) to the sign-in endpoint, NextAuth.js would send emails to both the attacker and the victim's e-mail addresses. The attacker could then login as a newly created user with the email being `[email protected],[email protected]`. This means that basic authorization like `email.endsWith("@victim.com")` in the `signIn` callback would fail to communicate a threat to the developer and would let the attacker bypass authorization, even with an `@attacker.com` address. ### Patches We patched this vulnerability in `v4.10.3` and `v3.29.10` by normalizing the email value that is sent to the sign-in endpoint before accessing it anywhere else. We also added a `normalizeIdentifier` callback on the `EmailProvider` configuration, where you can furthe...

Fava before 1.22.3 is vulnerable to reflected cross-site scripting due to improper validation on filter conversion.

[node-fetch](https://www.npmjs.com/package/node-fetch) is a light-weight module that brings window.fetch to node.js. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the `isOriginPotentiallyTrustworthy()` function in `referrer.js`, when processing a URL string with alternating letters and periods, such as `'http://' + 'a.a.'.repeat(i) + 'a'`.

graphql-go (aka GraphQL for Go) through 0.8.0 has infinite recursion in the type definition parser.

The package github.com/runatlantis/atlantis/server/controllers/events before 0.19.7 are vulnerable to Timing Attack in the webhook event validator code, which does not use a constant-time comparison function to validate the webhook secret. It can allow an attacker to recover this secret as an attacker and then forge webhook events.

In Eclipse Californium versions 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Especially, if used with certificate based cipher suites, that results in message amplification (DDoS other peers) and high CPU load (DoS own peer). The misbehavior occurs only with DTLS_VERIFY_PEERS_ON_RESUMPTION_THRESHOLD values larger than 0.

### GraphQL behaviour Nested fragment in GraphQL might be quite hard to handle depending on the implementation language. Some language support natively a max recursion depth. However, on most compiled languages, you should add a threshold of recursion. ```graphql # Infinite loop example query { ...a } fragment a on Query { ...b } fragment b on Query { ...a } ``` ### POC TLDR With max_size being the number of nested fragment generated. At max_size=7500, it should instantly raise:  However, with a lower size, you will overflow the memory after some iterations. ### Reproduction steps (Juniper) ``` git clone https://github.com/graphql-rust/juniper.git cd juniper ``` Save this POC as poc.py ```python import requests import time import json from itertools import permutations print('=== Fragments POC ===') url = 'http://localhost:8080/graphql' max_size = 7500 perms = [''.join(p) for p in permutations('abcefghijk')] perms = perms[:m...

### Impact An authenticated Admin user could craft HTTP requests to filter users by their salted and hashed passwords strings. These filters could be made by using partial hashed password strings. The response would not include the hashed passwords, but an attacker could infer partial password hashes and their respective users. Only when using `AUTH_DB` database authentication option. ### Patches Fixed on 4.1.3 ### For more information If you have any questions or comments about this advisory: * Open an issue in [example link to repo](http://example.com) * Email us at [example email address](mailto:[email protected])

### Impact Eval injection possible if the shop is vulnerable to an SQL injection. ### Patches The problem is fixed in version 1.7.8.7 ### Workarounds Delete the MySQL Smarty cache feature by removing these lines in the file `config/smarty.config.inc.php` lines 43-46 (PrestaShop 1.7) or 40-43 (PrestaShop 1.6): ```php if (Configuration::get('PS_SMARTY_CACHING_TYPE') == 'mysql') { include _PS_CLASS_DIR_.'Smarty/SmartyCacheResourceMysql.php'; $smarty->caching_type = 'mysql'; } ```