Vault-cli is a configurable command-line interface tool (and Python library) to interact with HashiCorp Vault. In versions before 3.0.0, vault-cli features the ability to render templated values. When a secret starts with the prefix `!template!`, vault-cli interprets the rest of the contents of the secret as a Jinja2 template. Jinja2 is a powerful templating engine and is not designed to safely render arbitrary templates. An attacker controlling a Jinja2 template rendered on a machine can trigger arbitrary code, making this a Remote Code Execution (RCE) risk.
Commit 5d3e81496fba1f0fbd64eeb855f30f69a9040718 fixes this vulnerability by adding an optional (enabled by default) SVG sanitization step to all file uploads that match the SVG MIME type. As a workaround, disable file upload for all non-trusted users. Wiki.js version 2.5.260 is the first production version to contain a patch. Version 2.5.258 is the first development build to contain a patch and is available only as a Docker image as requarks/wiki:canary-2.5.258.
KNIME Analytics Platform before 4.5.0 is vulnerable to XXE (external XML entity injection) via a crafted workflow file (.knwf), aka AP-17730.
Cross Site Scripting (XSS) vulnerability exists in Catfish ` tags.
KNIME Server before 4.12.6 and 4.13.x before 4.13.4 (when installed in unattended mode) keeps the administrator's password in a file without appropriate file access controls, allowing all local users to read its content.
The id parameter in view_storage.php from Simple Cold Storage Management System 1.0 appears to be vulnerable to SQL injection attacks. A payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a URL on an external domain. The application interacted with that domain, indicating that the injected SQL query was executed.
The email parameter from ajax.php of Video Sharing Website 1.0 appears to be vulnerable to SQL injection attacks.
The gf_dump_setup function in GPAC 1.0.1 allows malicious users to cause a denial of service (Invalid memory address dereference) via a crafted file in the MP4Box command.
A Double Free vulnerability exists in filedump.c in GPAC 1.0.1, which could cause a Denial of Service via a crafted file in the MP4Box command.
The gf_isom_hint_rtp_read function in GPAC 1.0.1 allows attackers to cause a denial of service (Invalid memory address dereference) via a crafted file in the MP4Box command.
Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files.