CVE-2022-24724 – Integer overflow in table parsing extension leads to heap memory corruption
https://notcve.org/view.php?id=CVE-2022-24724
cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and 0.28.3.gfm.21, an integer overflow in cmark-gfm's table row parsing (`table.c:row_from_string`) may lead to heap memory corruption when parsing tables whose marker rows contain more than UINT16_MAX columns. The impact of this heap corruption ranges from information leak to arbitrary code execution, depending on how and where `cmark-gfm` is used. If `cmark-gfm` is used to render remotely supplied, user-controlled Markdown, this vulnerability may lead to remote code execution (RCE) in applications that embed affected versions of the library. The vulnerability has been patched in cmark-gfm versions 0.29.0.gfm.3 and 0.28.3.gfm.21. • http://packetstormsecurity.com/files/166599/cmark-gfm-Integer-overflow.html https://github.com/github/cmark-gfm/security/advisories/GHSA-mc3g-88wq-6f4x https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5CYUU662VO6CCXQKVZVOHXX3RGIF2DLQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7V3HAM5H6YFJG2QFEXACZR3XVWFTXTC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KH4UQA6VWVZU5EW3HNEAB7D7BTCNJSJ2 https://lists.fedorapro • CWE-190: Integer Overflow or Wraparound •
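The bug class behind this advisory, as an added illustration that is not cmark-gfm's `table.c`: a hypothetical `|`-delimited marker-row counter written for this page, with `CELL_LIMIT` as an assumed bound. A cell count kept in a `uint16_t` wraps modulo 65536, so a row of 65536 cells counts as 0 and a row of 65537 counts as 1; any buffer sized from that count is then far too small for the cells the parser goes on to store, which is the heap corruption the advisory describes. The hardened counter keeps a `size_t` and rejects the row before anything is allocated.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

#define CELL_LIMIT 65535u  /* assumed upper bound a hardened parser enforces */

/* Vulnerable pattern: the cell count lives in a uint16_t, so it wraps
 * modulo 65536 once a row carries more than UINT16_MAX cells. */
uint16_t count_cells_u16(const char *row) {
    uint16_t n = 0;
    for (const char *p = row; *p != '\0'; p++) {
        if (*p == '|') n++;        /* silently wraps after 65535 */
    }
    return n;
}

/* Hardened pattern: count in size_t and reject the row before any
 * allocation is sized from the count. Returns -1 on an oversized row. */
long count_cells_checked(const char *row) {
    size_t n = 0;
    for (const char *p = row; *p != '\0'; p++) {
        if (*p == '|' && ++n > CELL_LIMIT) return -1;
    }
    return (long)n;
}

/* Constructed input (not from the advisory): a marker row of ncells cells
 * written as "-|-|-|...", so the number of '|' equals the number of cells. */
char *make_marker_row(size_t ncells) {
    char *row = malloc(2 * ncells + 1);
    if (row == NULL) return NULL;
    for (size_t i = 0; i < ncells; i++) {
        row[2 * i] = '-';
        row[2 * i + 1] = '|';
    }
    row[2 * ncells] = '\0';
    return row;
}

/* Bytes a parser that sizes its cell array from the wrapped count would
 * write past the end of that array when it later stores one pointer per
 * real cell: needed minus allocated. 0 means the array is large enough. */
size_t heap_shortfall_bytes(size_t ncells) {
    char *row = make_marker_row(ncells);
    if (row == NULL) return 0;
    size_t allocated = (size_t)count_cells_u16(row) * sizeof(char *);
    size_t needed = ncells * sizeof(char *);   /* one slot per real cell */
    free(row);
    return needed > allocated ? needed - allocated : 0;
}

/* Result of the hardened counter on a constructed row of ncells cells. */
long checked_count_for(size_t ncells) {
    char *row = make_marker_row(ncells);
    if (row == NULL) return -1;
    long n = count_cells_checked(row);
    free(row);
    return n;
}

int main(void) {
    size_t widths[] = { 3, 65535, 65536, 65537 };
    for (size_t i = 0; i < sizeof widths / sizeof widths[0]; i++) {
        printf("%zu cells: wrapped-count shortfall %zu bytes, checked count %ld\n",
               widths[i], heap_shortfall_bytes(widths[i]),
               checked_count_for(widths[i]));
    }
    return 0;
}
```

The shortfall is computed rather than triggered, so the program runs cleanly; in a real parser those missing bytes are the out-of-bounds writes into adjacent heap chunks. The check that matters is the one in `count_cells_checked`: bound the count in a type that cannot wrap, and fail before the count becomes an allocation size.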
CVE-2022-24722 – Cross-site Scripting in view_component
https://notcve.org/view.php?id=CVE-2022-24722
ViewComponent is a framework for building view components in Ruby on Rails. Versions prior to 2.31.2 and 2.49.1 contain a cross-site scripting vulnerability that can affect anyone using translations with the view_component gem. Data received via user input and passed as an interpolation argument to the `translate` method is not properly sanitized before display. Versions 2.31.2 and 2.49.1 have been released and fully mitigate the vulnerability. As a workaround, avoid passing user input to the `translate` method, or sanitize the inputs before passing them. • https://github.com/github/view_component/commit/3f82a6e62578ff6f361aba24a1feb2caccf83ff9 https://github.com/github/view_component/releases/tag/v2.31.2 https://github.com/github/view_component/releases/tag/v2.49.1 https://github.com/github/view_component/security/advisories/GHSA-cm9w-c4rj-r2cf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-41599 – Improper control flow in GitHub Enterprise Server hosted Pages leads to remote code execution
https://notcve.org/view.php?id=CVE-2021-41599
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.0.21, 3.1.13, and 3.2.5. It was reported via the GitHub Bug Bounty program. • https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.21 https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.13 https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.5 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2022-21687 – Command injection in gh-ost
https://notcve.org/view.php?id=CVE-2022-21687
gh-ost is a triggerless online schema migration solution for MySQL. Versions prior to 1.1.3 are subject to an arbitrary file read vulnerability. The attacker must either have access to the target host or trick an administrator into executing a malicious gh-ost command on a host running gh-ost, and must also have network access from the host running gh-ost to the attacker's malicious MySQL server. The `-database` parameter does not properly sanitize user input, which can lead to arbitrary file reads. • https://github.com/github/gh-ost/commit/a91ab042de013cfd8fbb633763438932d9080d8f https://github.com/github/gh-ost/security/advisories/GHSA-rrp4-2xx3-mv29 • CWE-20: Improper Input Validation •
CVE-2021-41598 – UI misrepresentation of granted permissions in GitHub Enterprise Server leading to unauthorized access to user
https://notcve.org/view.php?id=CVE-2021-41598
A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than were displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub App on the instance and have a user authorize the application through the web authentication flow. All permissions being granted were shown correctly during the first authorization. However, if the GitHub App later configured additional user-level permissions and the user then updated the set of repositories the app was installed on, those additional permissions were not displayed, so more permissions were granted than the user potentially intended. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.0.21, 3.1.13, and 3.2.5. It was reported via the GitHub Bug Bounty program. • https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.21 https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.13 https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.5 • CWE-451: User Interface (UI) Misrepresentation of Critical Information •