Vulnerabilidades

*** Pendiente de traducción *** # Active Storage allowed transformation methods potentially unsafe<br /> <br /> Active Storage attempts to prevent the use of potentially unsafe image<br /> transformation methods and parameters by default.<br /> <br /> The default allowed list contains three methods allow for the circumvention<br /> of the safe defaults which enables potential command injection<br /> vulnerabilities in cases where arbitrary user supplied input is accepted as<br /> valid transformation methods or parameters.<br /> <br /> <br /> Impact<br /> ------<br /> This vulnerability impacts applications that use Active Storage with the image_processing processing gem in addition to mini_magick as the image processor.<br /> <br /> Vulnerable code will look something similar to this:<br /> ```<br /> params[:v]) %&gt;<br /> ```<br /> <br /> Where the transformation method or its arguments are untrusted arbitrary input.<br /> <br /> All users running an affected release should either upgrade or use one of the workarounds immediately.<br /> <br /> <br /> <br /> Workarounds<br /> -----------<br /> Consuming user supplied input for image transformation methods or their parameters is unsupported behavior and should be considered dangerous.<br /> <br /> Strict validation of user supplied methods and parameters should be performed<br /> as well as having a strong [ImageMagick security<br /> policy](https://imagemagick.org/script/security-policy.php) deployed.<br /> <br /> Credits<br /> -------<br /> <br /> Thank you [lio346](https://hackerone.com/lio346) for reporting this!

*** Pendiente de traducción *** LobeHub is an open source human-and-AI-agent network. Prior to version 1.143.3, the file upload feature in `Knowledge Base &gt; File Upload` does not validate the integrity of the upload request, allowing users to intercept and modify the request parameters. As a result, it is possible to create arbitrary files in abnormal or unintended paths. In addition, since `lobechat.com` relies on the size parameter from the request to calculate file usage, an attacker can manipulate this value to misrepresent the actual file size, such as uploading a `1 GB` file while reporting it as `10 MB`, or falsely declaring a `10 MB` file as a `1 GB` file. By manipulating the size value provided in the client upload request, it is possible to bypass the monthly upload quota enforced by the server and continuously upload files beyond the intended storage and traffic limits. This abuse can result in a discrepancy between actual resource consumption and billing calculations, causing direct financial impact to the service operator. Additionally, exhaustion of storage or related resources may lead to degraded service availability, including failed uploads, delayed content delivery, or temporary suspension of upload functionality for legitimate users. A single malicious user can also negatively affect other users or projects sharing the same subscription plan, effectively causing an indirect denial of service (DoS). Furthermore, excessive and unaccounted-for uploads can distort monitoring metrics and overload downstream systems such as backup processes, malware scanning, and media processing pipelines, ultimately undermining overall operational stability and service reliability. Version 1.143.3 contains a patch for the issue.

*** Pendiente de traducción *** Improper Neutralization of Special Elements used in an Expression Language Statement (&amp;#39;Expression Language Injection&amp;#39;) vulnerability in The Wikimedia Foundation Mediawiki - DiscussionTools Extension allows Regular Expression Exponential Blowup.This issue affects Mediawiki - DiscussionTools Extension: 1.44, 1.43.

*** Pendiente de traducción *** Salt contains an authentication protocol version downgrade weakness that can allow a malicious minion to bypass newer authentication/security features by using an older request payload format, enabling minion impersonation and circumventing protections introduced in response to prior issues.

*** Pendiente de traducción *** SQL injection vulnerability in geopandas before v.1.1.2 allows an attacker to obtain sensitive information via the to_postgis()` function being used to write GeoDataFrames to a PostgreSQL database.

*** Pendiente de traducción *** Salt&amp;#39;s junos execution module contained an unsafe YAML decode/load usage. A specially crafted YAML payload processed by the junos module could lead to unintended code execution under the context of the Salt process.

*** Pendiente de traducción *** aelsantex runcommand 2014-04-01, a plugin for DokuWiki, allows unauthenticated attackers to execute arbitrary system commands via lib/plugins/runcommand/postaction.php.

*** Pendiente de traducción *** Cleartext Storage of Sensitive Information vulnerability in OpenText™ Vertica allows Retrieve Embedded Sensitive Data.  <br /> <br /> The vulnerability could read Vertica agent plaintext apikey.This issue affects Vertica versions: 23.X, 24.X, 25.X.

*** Pendiente de traducción *** A vulnerability was detected in SourceCodester Pet Grooming Management Software 1.0. Impacted is an unknown function of the file /admin/operation/user.php of the component User Management. Performing a manipulation of the argument group_id results in improper authorization. The attack can be initiated remotely. The exploit is now public and may be used.

*** Pendiente de traducción *** A security vulnerability has been detected in itsourcecode School Management System 1.0. This issue affects some unknown processing of the file /enrollment/index.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. Due to contradicting product definitions in the original disclosure, this CVE was initially incorrectly assigned to the Student Management System.

*** Pendiente de traducción *** Insufficient epoch key slot processing in OpenVPN 2.7_alpha1 through 2.7_rc5 allows remote authenticated users to trigger an assert resulting in a denial of service

*** Pendiente de traducción *** A weakness has been identified in projectworlds House Rental and Property Listing 1.0. This vulnerability affects unknown code of the file /app/sms.php. This manipulation of the argument Message causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.