#js

An arbitrary file copy vulnerability in Gradio's flagging feature allows unauthenticated attackers to copy any readable file from the server's filesystem. While attackers can't read these copied files, they can cause DoS by copying large files (like /dev/urandom) to fill disk space. ### Description The flagging component doesn't properly validate file paths before copying files. Attackers can send specially crafted requests to the `/gradio_api/run/predict` endpoint to trigger these file copies. **Source**: User-controlled `path` parameter in the flagging functionality JSON payload **Sink**: `shutil.copy` operation in `FileData._copy_to_dir()` method The vulnerable code flow: 1. A JSON payload is sent to the `/gradio_api/run/predict` endpoint 2. The `path` field within `FileData` object can reference any file on the system 3. When processing this request, the `Component.flag()` method creates a `GradioDataModel` object 4. The `FileData._copy_to_dir()` method uses this path without ...

### Summary A permission verification flaw in Navidrome allows any authenticated regular user to bypass authorization checks and perform administrator-only transcoding configuration operations, including creating, modifying, and deleting transcoding settings. ### Details Navidrome supports transcoding functionality which, although disabled by default, should restrict configuration operations to administrators only. However, the application fails to properly validate whether a user has administrative privileges when handling transcoding configuration requests. The vulnerability exists in the API endpoints that manage transcoding settings. When a regular user sends requests to these endpoints, the application processes them without verifying if the user has administrative privileges, despite the JWT token clearly indicating the user is not an administrator (`"adm":false`). The affected endpoints include: - `POST /api/transcoding` (Create transcoding configuration) - `PUT /api/transcod...

## 🛡 **Security Advisory: SQL Injection Vulnerability in Navidrome v0.55.2** ### **Overview** This vulnerability arises due to improper input validation on the **`role`** parameter within the API endpoint **`/api/artist`**. Attackers can exploit this flaw to inject arbitrary SQL queries, potentially gaining unauthorized access to the backend database and compromising sensitive user information. --- ### **Details** * **Vulnerable Component**: API endpoint → `/api/artist` Parameter → `role` * **Vulnerability Type**: SQL Injection (stacked queries, UNION queries) * **Database Affected**: SQLite (confirmed exploitation via SQLite-specific payloads) * **Impact**: Successful exploitation allows an unauthenticated attacker to: * Execute arbitrary SQL commands * Extract or manipulate sensitive data (e.g., user records, playlists) * Potentially escalate privileges or disrupt service availability --- ### **Proof of Concept (PoC)** **Example Exploit Command**: ```bas...

Cisco Talos has uncovered new threats, including ransomware like CyberLock and Lucky_Gh0$t, and a destructive malware called Numero, all disguised as legitimate AI tool installers to target victims.

### Summary This vulnerability is similar to CVE-2018-14732. When running a Next.js server locally (e.g. through `npm run dev`), the WebSocket server is vulnerable to the Cross-site WebSocket hijacking (CSWSH) attack. and a bad actor can access the source code of client components, if a user was to visit a malicious link while having the Next.js dev server running. ### Impact If a user is running a Next.js server locally (e.g. `npm run dev`), and they were to browse to a malicious website, the malicious website may be able to access the source code of the Next.js app. This vulnerability only affects applications making use of App Router. _Note: App Router was experimental requiring_ `experimental.appDir = true` _in versions_ `>=13.0.0` to `<13.4`.

### Summary The vLLM backend used with the /v1/chat/completions OpenAPI endpoint fails to validate unexpected or malformed input in the "pattern" and "type" fields when the tools functionality is invoked. These inputs are not validated before being compiled or parsed, causing a crash of the inference worker with a single request. The worker will remain down until it is restarted. ### Details The "type" field is expected to be one of: "string", "number", "object", "boolean", "array", or "null". Supplying any other value will cause the worker to crash with the following error: RuntimeError: [11:03:34] /project/cpp/json_schema_converter.cc:637: Unsupported type "something_or_nothing" The "pattern" field undergoes Jinja2 rendering (I think) prior to being passed unsafely into the native regex compiler without validation or escaping. This allows malformed expressions to reach the underlying C++ regex engine, resulting in fatal errors. For example, the following inputs will crash the wo...

### Impact A denial of service bug caused the vLLM server to crash if an invalid regex was provided while using structured output. This vulnerability is similar to [GHSA-6qc9-v4r8-22xg](https://github.com/vllm-project/vllm/security/advisories/GHSA-6qc9-v4r8-22xg), but for regex instead of a JSON schema. Issue with more details: https://github.com/vllm-project/vllm/issues/17313 ### Patches * https://github.com/vllm-project/vllm/pull/17623

### Summary Hitting the /v1/completions API with a invalid json_schema as a Guided Param will kill the vllm server ### Details The following API call `(venv) [derekh@ip-172-31-15-108 ]$ curl -s http://localhost:8000/v1/completions -H "Content-Type: application/json" -d '{"model": "meta-llama/Llama-3.2-3B-Instruct","prompt": "Name two great reasons to visit Sligo ", "max_tokens": 10, "temperature": 0.5, "guided_json":"{\"properties\":{\"reason\":{\"type\": \"stsring\"}}}"}' ` will provoke a Uncaught exceptions from xgrammer in `./lib64/python3.11/site-packages/xgrammar/compiler.py ` Issue with more information: https://github.com/vllm-project/vllm/issues/17248 ### PoC Make a call to vllm with invalid json_scema e.g. `{\"properties\":{\"reason\":{\"type\": \"stsring\"}}}` `curl -s http://localhost:8000/v1/completions -H "Content-Type: application/json" -d '{"model": "meta-llama/Llama-3.2-3B-Instruct","prompt": "Name two great reasons to visit Sligo ", "max_tokens": 10, "temper...

### Summary A recent review identified several regular expressions in the vllm codebase that are susceptible to Regular Expression Denial of Service (ReDoS) attacks. These patterns, if fed with crafted or malicious input, may cause severe performance degradation due to catastrophic backtracking. #### 1. vllm/lora/utils.py [Line 173](https://github.com/vllm-project/vllm/blob/2858830c39da0ae153bc1328dbba7680f5fbebe1/vllm/lora/utils.py#L173) https://github.com/vllm-project/vllm/blob/2858830c39da0ae153bc1328dbba7680f5fbebe1/vllm/lora/utils.py#L173 **Risk Description:** - The regex `r"\((.*?)\)\$?$"` matches content inside parentheses. If input such as `((((a|)+)+)+)` is passed in, it can cause catastrophic backtracking, leading to a ReDoS vulnerability. - Using `.*?` (non-greedy match) inside group parentheses can be highly sensitive to input length and nesting complexity. **Remediation Suggestions:** - Limit the input string length. - Use a non-recursive matching approach, or write a r...

### Impact The library functions `getUserById`, `deleteUser`, `updateUserById`, `listFactors` and `deleteFactor` did not require the user supplied values to be valid UUIDs. This could lead to a URL path traversal, resulting in the wrong API function being called. Implementations that follow security best practice and validate user controlled inputs, such as the `userId` are not affected by this. ### Patches Strict value checks have been added to all affected functions. These functions now require that the `userId` and `factorId` parameters MUST be valid UUID (v4). **Patched version:** >= 2.69.1 ### Workarounds Implementations that follow security best practice and validate user controlled inputs, such as the `userId` are not affected by this. It is recommended that users of the auth-js library always follow security best practice and validate all inputs, before passing these to other functions or libraries. ### References https://github.com/supabase/auth-js/pull/1063