CVE-2021-4140 – Mozilla: Iframe sandbox bypass with XSLT
https://notcve.org/view.php?id=CVE-2021-4140
It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. ... The Mozilla Foundation Security Advisory describes this flaw as: It was possible to construct specific XSLT markups that would enable someone to bypass an iframe sandbox. • https://bugzilla.mozilla.org/show_bug.cgi?id=1746720 https://www.mozilla.org/security/advisories/mfsa2022-01 https://www.mozilla.org/security/advisories/mfsa2022-02 https://www.mozilla.org/security/advisories/mfsa2022-03 https://access.redhat.com/security/cve/CVE-2021-4140 https://bugzilla.redhat.com/show_bug.cgi?id=2039568 • CWE-91: XML Injection (aka Blind XPath Injection) CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVE-2021-29454 – Sandbox Escape by math function in smarty
https://notcve.org/view.php?id=CVE-2021-29454
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the math function, external users could run arbitrary PHP code by crafting a malicious math string. Users should upgrade to version 3.1.42 or 4.0.2 to receive a patch. Smarty es un motor de plantillas para PHP que facilita la separación de la presentación (HTML/CSS) de la lógica de la aplicación. • https://github.com/smarty-php/smarty/commit/215d81a9fa3cd63d82fb3ab56ecaf97cf1e7db71 https://github.com/smarty-php/smarty/releases/tag/v3.1.42 https://github.com/smarty-php/smarty/releases/tag/v4.0.2 https://github.com/smarty-php/smarty/security/advisories/GHSA-29gp-2c3m-3j6m https://lists.debian.org/debian-lts-announce/2022/05/msg00005.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRAJVDRGCIY5UZ2PQHKDTT7RMKG6WJQQ https://lists.fedoraproject.org/archives/l • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2021-23543 – Sandbox Bypass
https://notcve.org/view.php?id=CVE-2021-23543
All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector. Todas las versiones del paquete realms-shim son vulnerables a una Omisión del Sandbox por medio de un vector de ataque de Contaminación de Prototipos • https://snyk.io/vuln/SNYK-JS-REALMSSHIM-2309908 https://www.npmjs.com/package/realms-shim • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVE-2021-23594 – Sandbox Bypass
https://notcve.org/view.php?id=CVE-2021-23594
All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector. Todas las versiones del paquete realms-shim son vulnerables a la Omisión del Sandbox por medio de un vector de ataque de Contaminación de Prototipos • https://snyk.io/vuln/SNYK-JS-REALMSSHIM-2309907 https://www.npmjs.com/package/realms-shim • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVE-2022-21648 – Sandbox bypass in Latte templates
https://notcve.org/view.php?id=CVE-2022-21648
Versions since 2.8.0 Latte has included a template sandbox and in affected versions it has been found that a sandbox escape exists allowing for injection into web pages generated from Latte. ... Desde la versión 2.8.0, Latte ha incluido un sandbox de plantillas y en las versiones afectadas se ha encontrado que se presenta un escape del sandbox que permite una inyección en páginas web generadas desde Latte. • https://github.com/nette/latte/commit/9e1b4f7d70f7a9c3fa6753ffa7d7e450a3d4abb0 https://github.com/nette/latte/security/advisories/GHSA-36m2-8rhx-f36j • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •