Latest Vulnerability Updates: AppSecWorld's CVE Daily Digest for January 30-31, 2024

In the dynamic realm of cybersecurity, staying current on newly published vulnerabilities is imperative.
This edition of AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database (NVD) between January 30 and 31, 2024.
During this period, the NVD published 85 new Common Vulnerabilities and Exposures (CVEs), classified by CVSS base severity as follows:

Critical: 2
High: 17
Medium: 18
Low: 11
Severity Not Assigned: 37

Identifying and understanding these vulnerabilities is a pivotal step towards strengthening security measures and creating a safer digital environment.
Now, let's delve deeper into the digest, spotlighting the 19 Critical and High severity vulnerabilities that demand immediate attention.

1. CVE-2023-5372
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: The post-authentication command injection vulnerability in Zyxel NAS326 firmware versions through V5.21(AAZF.15)C0 and NAS542 firmware versions through V5.21(ABAG.12)C0 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands by sending a crafted query parameter attached to the URL of an affected device’s web management interface.
References: https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-post-authentication-command-injection-vulnerability-in-nas-products-01-30-2024

CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found

2. CVE-2024-21840
Base Score: 7.9
Base Severity: HIGH
Exploitability Score: 2.0
Impact Score: 5.3
Description: Incorrect Default Permissions vulnerability in Hitachi Storage Plug-in for VMware vCenter allows local users to read and write specific files. This issue affects Hitachi Storage Plug-in for VMware vCenter from 04.0.0 through 04.9.2.
References: https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-108/index.html

CWE-ID: CWE-276
Common Platform Enumerations (CPE): Not Found

3. CVE-2024-21488
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: Versions of the package network before 0.7.0 are vulnerable to Arbitrary Command Injection due to use of the child_process exec function without input sanitization. If (attacker-controlled) user input is given to the mac_address_for function of the package, it is possible for an attacker to execute arbitrary commands on the operating system that this package is being run on.
References: https://gist.github.com/icemonster/282ab98fb68fc22aac7c576538f6369c
https://github.com/tomas/network/commit/5599ed6d6ff1571a5ccadea775430c131f381de7
https://github.com/tomas/network/commit/6ec8713580938ab4666df2f2d0f3399891ed2ad7
https://github.com/tomas/network/commit/72c523265940fe279eb0050d441522628f8988e5
https://security.snyk.io/vuln/SNYK-JS-NETWORK-6184371

CWE-ID: CWE-77
Common Platform Enumerations (CPE): Not Found

4. CVE-2023-6942
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 and later, FR Configurator2 all versions, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GX Works2 versions 1.11M and later, GX Works3 all versions, MELSOFT Navigator versions 1.04E and later, MT Works2 all versions, MX Component versions 4.00A and later and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to bypass authentication by sending specially crafted packets and connect to the products illegally.
References: https://jvn.jp/vu/JVNVU95103362
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-020_en.pdf

CWE-ID: CWE-306
Common Platform Enumerations (CPE): Not Found

5. CVE-2023-6943
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 and later, FR Configurator2 all versions, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GX Works2 versions 1.11M and later, GX Works3 all versions, MELSOFT Navigator versions 1.04E and later, MT Works2 all versions, MX Component versions 4.00A and later and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to execute malicious code via RPC by supplying a path to a malicious library while connected to the products.
References: https://jvn.jp/vu/JVNVU95103362
https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-020_en.pdf

CWE-ID: CWE-470
Common Platform Enumerations (CPE): Not Found

6. CVE-2024-1061
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.0
Description: The 'HTML5 Video Player' WordPress Plugin, version < 2.5.25, is affected by an unauthenticated SQL injection vulnerability in the 'id' parameter of the 'get_view' function.
References: https://www.tenable.com/security/research/tra-2024-02

CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found

7. CVE-2024-1032
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability classified as critical was found in openBI up to 1.0.8. It affects the function testConnection in the file /application/index/controller/Databasesource.php (Test Connection Handler); manipulated input leads to deserialization of untrusted data. The attack can be launched remotely. A public exploit has been disclosed and may be used. The associated identifier of this vulnerability is VDB-252307.
References: https://note.zhaoj.in/share/6ISYe2urjlkI
https://vuldb.com/?ctiid.252307
https://vuldb.com/?id.252307

CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found

8. CVE-2024-1034
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability classified as critical was found in openBI up to 1.0.8. It affects the function uploadFile in the file /application/index/controller/File.php; manipulated input leads to unrestricted file upload. The attack can be initiated remotely. A public exploit has been disclosed and may be used. The identifier VDB-252309 was assigned to this vulnerability.
References: https://note.zhaoj.in/share/ABYkFE4wRPW5
https://vuldb.com/?ctiid.252309
https://vuldb.com/?id.252309

CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found

9. CVE-2024-1019
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.0
Description: ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in request URLs before it separates the URL path component from the optional query string component. This results in an impedance mismatch versus RFC compliant back-end applications. The vulnerability hides an attack payload in the path component of the URL from WAF rules inspecting it. A back-end may be vulnerable if it uses the path component of request URLs to construct queries. Integrators and users are advised to upgrade to 3.0.12. The ModSecurity v2 release line is not affected by this vulnerability.

References: https://owasp.org/www-project-modsecurity/tab_cves#cve-2024-1019-2024-01-30

CWE-ID: CWE-20
Common Platform Enumerations (CPE): Not Found
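The CVE-2024-1019 description is precise about the ordering defect, so it can be demonstrated with a few lines. The following is an added illustration, not libModSecurity's code or any backend's: two request-target parsers that differ only in whether they percent-decode before or after splitting on '?', a toy path-inspecting rule, and a constructed request-target. The use of an encoded '?' (%3F) is my inference from the described order, since that is the character whose early decoding changes where the path ends; the decoder is simplified to single-byte %XX sequences.

```javascript
// Added example (illustrative helpers, not libModSecurity's or any backend's
// code): the two orders of percent-decoding and '?'-splitting, and why a
// path-inspecting rule is blinded when decoding happens first. The decoder is
// simplified (single-byte %XX only) and the rule is a toy pattern.

// Minimal, tolerant percent-decoder: only well-formed %XX sequences change.
function percentDecode(s) {
  return s.replace(/%([0-9A-Fa-f]{2})/g, (_, hex) => String.fromCharCode(parseInt(hex, 16)));
}

// RFC 3986 order (what an RFC-compliant backend does): find the first literal
// '?' in the raw request-target, split there, then decode each component.
// An encoded '?' (%3F) therefore stays inside the path.
function splitThenDecode(rawTarget) {
  const q = rawTarget.indexOf('?');
  const rawPath = q === -1 ? rawTarget : rawTarget.slice(0, q);
  const rawQuery = q === -1 ? '' : rawTarget.slice(q + 1);
  return { path: percentDecode(rawPath), query: percentDecode(rawQuery) };
}

// Order the advisory describes for ModSecurity v3 before 3.0.12: decode the
// whole request-target first, then look for '?'. A %3F in the raw target now
// acts as the separator, and everything after it is treated as query string.
function decodeThenSplit(rawTarget) {
  const decoded = percentDecode(rawTarget);
  const q = decoded.indexOf('?');
  return {
    path: q === -1 ? decoded : decoded.slice(0, q),
    query: q === -1 ? '' : decoded.slice(q + 1),
  };
}

// Toy WAF rule that inspects only the path component for SQL-injection markers.
const PATH_SQLI_RULE = /('|--|\bor\b\s*\d+\s*=\s*\d+)/i;

function pathRuleBlocks(parser, rawTarget) {
  return PATH_SQLI_RULE.test(parser(rawTarget).path);
}

// Constructed request-target: the payload lives in the path, preceded by %3F.
const RAW_TARGET = '/report/%3F1%27%20OR%201%3D1--';

// What each side sees for the same bytes on the wire.
function compare(rawTarget) {
  return {
    backendPath: splitThenDecode(rawTarget).path,                  // "/report/?1' OR 1=1--"
    wafPath: decodeThenSplit(rawTarget).path,                      // "/report/"
    wafQuery: decodeThenSplit(rawTarget).query,                    // "1' OR 1=1--"
    blockedByPathRule: pathRuleBlocks(decodeThenSplit, rawTarget), // false: bypass
    blockedIfRfcOrder: pathRuleBlocks(splitThenDecode, rawTarget), // true
  };
}

console.table(compare(RAW_TARGET));
```

The same bytes produce a clean-looking path for the decode-first parser and a payload-bearing path for the RFC-order parser, which is the impedance mismatch the advisory names. Rules that key on arguments would still see the string the WAF moved into its query view, so the bypass is specific to rules that inspect the path (in ModSecurity terms, variables such as REQUEST_FILENAME), and a backend that builds queries from the path is the one at risk.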

10. CVE-2024-1035
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability classified as critical has been found in openBI up to 1.0.8. It affects the function uploadIcon in the file /application/index/controller/Icon.php; manipulation of the argument image leads to unrestricted file upload. The attack can be initiated remotely. A public exploit has been disclosed and may be used. VDB-252310 is the identifier assigned to this vulnerability.
References: https://note.zhaoj.in/share/AIbnbytIW9Bq
https://vuldb.com/?ctiid.252310
https://vuldb.com/?id.252310

CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found

11. CVE-2024-21649
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The vantage6 technology enables users to manage and deploy privacy-enhancing technologies such as Federated Learning (FL) and Multi-Party Computation (MPC). Prior to 4.2.0, authenticated users could inject code into algorithm environment variables, resulting in remote code execution. This vulnerability is patched in 4.2.0.
References: https://github.com/vantage6/vantage6/commit/eac19db737145d3ca987adf037a454fae0790ddd
https://github.com/vantage6/vantage6/security/advisories/GHSA-w9h2-px87-74vx

CWE-ID: CWE-94
Common Platform Enumerations (CPE): Not Found

12. CVE-2023-46230
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 2.3
Impact Score: 5.3
Description: In Splunk Add-on Builder versions below 4.1.4, the app writes sensitive information to internal log files.
References: https://advisory.splunk.com/advisories/SVD-2024-0111

CWE-ID: CWE-532
Common Platform Enumerations (CPE): Not Found

13. CVE-2023-6258
Base Score: 8.1
Base Severity: HIGH
Exploitability Score: 2.2
Impact Score: 5.9
Description: A security vulnerability has been identified in pkcs11-provider, which interfaces with PKCS#11 (Public-Key Cryptography Standards) tokens. If exploited successfully, it could result in a Bleichenbacher-like flaw, potentially enabling a side-channel (padding oracle) attack on PKCS#1 v1.5 decryption.
References: https://bugzilla.redhat.com/show_bug.cgi?id=2251062
https://github.com/latchset/pkcs11-provider/pull/308

CWE-ID: CWE-1300
Common Platform Enumerations (CPE): Not Found

14. CVE-2024-23838
Base Score: 8.6
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.0
Description: TrueLayer.NET is the .NET client for TrueLayer. The vulnerability could potentially allow a malicious actor to gain control over the destination URL of the HttpClient used in the API classes. For applications using the SDK, requests to unexpected resources on local networks or on the internet could be made, which could lead to information disclosure. The issue can be mitigated by having strict egress rules limiting the destinations to which requests can be made, and by applying strict validation to any user input passed to the `truelayer-dotnet` library. Versions of TrueLayer.Client `v1.6.0` and later are not affected.
References: https://github.com/TrueLayer/truelayer-dotnet/commit/75e436ed5360faa73d6e7ce3a9903a3c49505e3e
https://github.com/TrueLayer/truelayer-dotnet/security/advisories/GHSA-67m4-qxp3-j6hh

CWE-ID: CWE-918
Common Platform Enumerations (CPE): Not Found

15. CVE-2024-1036
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: A vulnerability classified as critical was found in openBI up to 1.0.8. It affects the function uploadIcon in the file /application/index/controller/Screen.php (Icon Handler); manipulated input leads to unrestricted file upload. The attack may be initiated remotely. A public exploit has been disclosed and may be used. The associated identifier of this vulnerability is VDB-252311.
References: https://note.zhaoj.in/share/X1ASzPP5rHel
https://vuldb.com/?ctiid.252311
https://vuldb.com/?id.252311

CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found

16. CVE-2024-23841
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.2
Description: apollo-client-nextjs is the Apollo Client support for the Next.js App Router. The @apollo/experimental-apollo-client-nextjs NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this vulnerability, an attacker would need to either inject malicious input (e.g. by redirecting a user to a specifically-crafted link) or arrange to have malicious input be returned by a GraphQL server (e.g. by persisting it in a database). To fix this issue, please update to version 0.7.0 or later.
References: https://github.com/apollographql/apollo-client-nextjs/commit/b92bc42abd5f8e17d4db361c36bd08e4f541a46b
https://github.com/apollographql/apollo-client-nextjs/security/advisories/GHSA-rv8p-rr2h-fgpg

CWE-ID: CWE-80
Common Platform Enumerations (CPE): Not Found

17. CVE-2024-24556
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 2.7
Description: urql is a GraphQL client that exposes a set of helpers for several frameworks. The `@urql/next` package is vulnerable to XSS. To exploit this, an attacker would need to ensure that the response contains HTML tags and that the web application is using streamed responses (non-RSC). The vulnerability is due to improper escaping of HTML-like characters in the response stream. To fix this vulnerability, upgrade to version 1.1.1.
References: https://github.com/urql-graphql/urql/commit/4b7011b70d5718728ff912d02a4dbdc7f703540d
https://github.com/urql-graphql/urql/security/advisories/GHSA-qhjf-hm5j-335w

CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found

18. CVE-2023-5389
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.2
Description: An attacker could potentially exploit this vulnerability, leading to the ability to modify files on Honeywell Experion VirtualUOC and UOC. This exploit could be used to write a file that may result in unexpected behavior based on configuration changes, or to update files in a way that could result in subsequent execution of a malicious application if triggered. Honeywell recommends updating to the most recent version of the product. See the Honeywell Security Notification for recommendations on upgrading and versioning.
References: https://process.honeywell.com
https://www.honeywell.com/us/en/product-security

CWE-ID: CWE-749
Common Platform Enumerations (CPE): Not Found

19. CVE-2024-24558
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 4.2
Description: TanStack Query supplies asynchronous state management, server-state utilities and data fetching for the web. The `@tanstack/react-query-next-experimental` NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this, an attacker would need to either inject malicious input or arrange to have malicious input be returned from an endpoint. To fix this issue, please update to version 5.18.0 or later.
References: https://github.com/TanStack/query/commit/f2ddaf2536e8b71d2da88a9310ac9a48c13512a1
https://github.com/TanStack/query/security/advisories/GHSA-997g-27x8-43rf

CWE-ID: CWE-79
Common Platform Enumerations (CPE): Not Found
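Entries 16, 17 and 19 (CVE-2024-23841, CVE-2024-24556 and CVE-2024-24558) are one bug class in three Next.js App Router data-fetching integrations: server-side results are streamed to the browser inside inline script tags, and the urql advisory names the root cause, improper escaping of HTML-like characters in the response stream. The following is an added example and is not code from @apollo/experimental-apollo-client-nextjs, @urql/next or @tanstack/react-query-next-experimental. The response object is constructed, and the `window.__DATA__` sink is a stand-in for each package's own hydration mechanism; the escaping shown is the standard JSON-in-HTML encoding, not necessarily the exact patch any of the three shipped.

```javascript
// Added example, not code from @apollo/experimental-apollo-client-nextjs,
// @urql/next or @tanstack/react-query-next-experimental. It shows the bug
// class all three advisories describe: server data streamed to the client
// inside an inline <script> without HTML-aware escaping. The response below
// is constructed, and window.__DATA__ is a stand-in for the packages' own
// hydration mechanism.

// Constructed server response: an attacker persisted this string in a field
// (a profile bio, a comment) that the server later returns as data.
const SAMPLE_RESPONSE = {
  data: { user: { id: 7, bio: '</script><img src=x onerror=alert(document.domain)>' } },
};

// Unsafe: JSON.stringify never escapes '<' or '>', so the string's "</script>"
// ends the script element early and the browser parses the rest as markup.
function unsafeScriptTag(payload) {
  return `<script>window.__DATA__ = ${JSON.stringify(payload)};</script>`;
}

// Safe: replace the characters the HTML parser cares about with JSON \uXXXX
// escapes. The result is still valid JSON (JSON.parse recovers the original
// string) but contains no '<', '>' or '&', nor the line terminators
// U+2028/U+2029 that older JavaScript engines reject inside string literals.
const JSON_HTML_ESCAPES = {
  '<': '\\u003c',
  '>': '\\u003e',
  '&': '\\u0026',
  '\u2028': '\\u2028',
  '\u2029': '\\u2029',
};

function htmlSafeJson(value) {
  return JSON.stringify(value).replace(/[<>&\u2028\u2029]/g, (c) => JSON_HTML_ESCAPES[c]);
}

function safeScriptTag(payload) {
  return `<script>window.__DATA__ = ${htmlSafeJson(payload)};</script>`;
}

// Approximation of what ends "script data" in the HTML parser: the sequence
// "</script" (case-insensitive). One match means the element is intact.
function scriptCloseCount(html) {
  return (html.match(/<\/script/gi) || []).length;
}

console.log('unsafe closes script', scriptCloseCount(unsafeScriptTag(SAMPLE_RESPONSE)), 'time(s)');
console.log('safe   closes script', scriptCloseCount(safeScriptTag(SAMPLE_RESPONSE)), 'time(s)');
console.log(safeScriptTag(SAMPLE_RESPONSE));
```

The unsafe output closes the script element twice, the second time inside the attacker's string, so the `<img>` that follows is rendered and its event handler runs in the page origin. The safe output closes it once; the client still gets the original string back from JSON.parse because `\u003c` is an ordinary JSON escape. Note that this protects only data placed inside a script element. Data that is rendered as HTML text or attributes needs HTML entity encoding instead, and the streamed (non-RSC) path is the one the urql advisory calls out because that is where the serialized chunks are written as raw markup.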
