CVE-2022-39209 – Uncontrolled Resource Consumption in cmark-gfm
https://notcve.org/view.php?id=CVE-2022-39209
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior to 0.29.0.gfm.6, a polynomial time complexity issue in cmark-gfm's autolink extension may lead to unbounded resource exhaustion and subsequent denial of service. Users may verify the patch by running `python3 -c 'print("![l"* 100000 + "\n")' | ./cmark-gfm -e autolink`, which will exhaust resources on unpatched cmark-gfm but render correctly on patched cmark-gfm. • https://en.wikipedia.org/wiki/Time_complexity https://github.com/github/cmark-gfm/commit/9d57d8a23142b316282bdfc954cb0ecda40a8655 https://github.com/github/cmark-gfm/security/advisories/GHSA-cgh3-p57x-9q7q https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIUCZN3PEKUCT2JQYQTYOVIJG2KSD6G7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMGP65NANDVKPDMXMKYO2ZV2H2HZJY4P https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/mess • CWE-400: Uncontrolled Resource Consumption CWE-407: Inefficient Algorithmic Complexity •
CVE-2022-35954 – Delimiter injection vulnerability in @actions/core exportVariable
https://notcve.org/view.php?id=CVE-2022-35954
The GitHub Actions ToolKit provides a set of packages to make creating actions easier. The `core.exportVariable` function uses a well-known delimiter that attackers can use to break out of that specific variable and assign values to other arbitrary variables. Workflows that write untrusted values to the `GITHUB_ENV` file may cause the path or other environment variables to be modified in ways the workflow or action author did not intend. Users should upgrade to `@actions/core v1.9.1`. If you are unable to upgrade the `@actions/core` package, you can modify your action to ensure that any user input does not contain the delimiter `_GitHubActionsFileCommandDelimeter_` before calling `core.exportVariable`. • https://github.com/actions/toolkit/commit/4beda9cbc00ba6eefe387a937c21087ccb8ee9df https://github.com/actions/toolkit/security/advisories/GHSA-7r3h-m5j6-3q42 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2022-23733 – Stored XSS vulnerability in GitHub Enterprise Server leading to injection of arbitrary attributes
https://notcve.org/view.php?id=CVE-2022-23733
A stored XSS vulnerability was identified in GitHub Enterprise Server that allowed the injection of arbitrary attributes. This injection was blocked by GitHub's Content Security Policy (CSP). This vulnerability affected all versions of GitHub Enterprise Server prior to 3.6 and was fixed in versions 3.3.11, 3.4.6 and 3.5.3. This vulnerability was reported via the GitHub Bug Bounty program. • https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.11 https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.6 https://docs.github.com/en/enterprise-server%403.5/admin/release-notes#3.5.3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-23732 – Path traversal in GitHub Enterprise Server management console leading to a bypass of CSRF protections
https://notcve.org/view.php?id=CVE-2022-23732
A path traversal vulnerability was identified in the GitHub Enterprise Server management console that allowed the bypass of CSRF protections. This could potentially lead to privilege escalation. To exploit this vulnerability, an attacker would need to target a user that was actively logged into the management console. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.5 and was fixed in versions 3.1.19, 3.2.11, 3.3.6 and 3.4.1. This vulnerability was reported via the GitHub Bug Bounty program. • https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.19 https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.11 https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.6 https://docs.github.com/en/enterprise-server%403.4/admin/release-notes#3.4.1 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVE-2021-33961
https://notcve.org/view.php?id=CVE-2021-33961
A Cross Site Scripting (XSS) vulnerability exists in enhanced-github v5.0.11 via the file name parameter. • https://github.com/softvar/enhanced-github/issues/96 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •