CVE-2021-43776 – XSS vulnerability in @backstage/plugin-auth-backend
https://notcve.org/view.php?id=CVE-2021-43776
Backstage is an open platform for building developer portals. In affected versions the auth-backend plugin allows a malicious actor to trick another user into visiting a vulnerable URL that executes an XSS attack. This attack can potentially allow the attacker to exfiltrate access tokens or other secrets from the user's browser. The default CSP does prevent this attack, but it is expected that some deployments have these policies disabled due to incompatibilities. This vulnerability is patched in version `0.4.9` of `@backstage/plugin-auth-backend`. • https://github.com/backstage/backstage/security/advisories/GHSA-w7fj-336r-vw49 https://github.com/backstage/backstage/tree/master/plugins/auth-backend • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-43669
https://notcve.org/view.php?id=CVE-2021-43669
A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.0.1, v2.3.0. It can be used to bring down as many orderers as the attacker wants. The bug is triggered by sending a message with an invalid header to the Order interface. It has been acknowledged and fixed by the developers of Fabric. • https://github.com/hyperledger/fabric/pull/2828 https://jira.hyperledger.org/browse/FAB-18528 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVE-2021-43667
https://notcve.org/view.php?id=CVE-2021-43667
A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.1.0. The bug is triggered by constructing a message whose payload is nil and sending it via the 'forwardToLeader' method. It has been acknowledged and fixed by the developers of Fabric. If exploited, any leader node will crash. • https://github.com/hyperledger/fabric/pull/2844 https://jira.hyperledger.org/browse/FAB-18529 • CWE-476: NULL Pointer Dereference •
CVE-2021-41190 – Clarify Content-Type handling in OCI spec
https://notcve.org/view.php?id=CVE-2021-41190
The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operations. Documents that contain both “manifests” and “layers” fields could be interpreted as either a manifest or an index in the absence of an accompanying Content-Type header. If a Content-Type header changed between two pulls of the same digest, a client may interpret the resulting content differently. The OCI Distribution Specification has been updated to require that a mediaType value present in a manifest or index match the Content-Type header used during the push and pull operations. • http://www.openwall.com/lists/oss-security/2021/11/19/10 https://github.com/opencontainers/distribution-spec/commit/ac28cac0557bcd3084714ab09f9f2356fe504923 https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3TUZNDAH2B26VPBK342UC3BHZNLBUXGX https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4334HT7AZPLWNYHW4ARU6JBUF3VZJPZN https://lists.fedoraproject.org/archives/list/packa • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2021-41131 – Client metadata path-traversal in python-tuf
https://notcve.org/view.php?id=CVE-2021-41131
python-tuf is a Python reference implementation of The Update Framework (TUF). In both clients (`tuf/client` and `tuf/ngclient`), there is a path traversal vulnerability that in the worst case can overwrite files ending in `.json` anywhere on the client system on a call to `get_one_valid_targetinfo()`. It occurs because the rolename is used to form the filename and may contain path traversal characters (i.e. `../../name.json`). The impact is mitigated by a few facts: it only affects implementations that allow arbitrary rolename selection for delegated targets metadata; the attack requires the ability to A) insert new metadata for the path-traversing role and B) get the role delegated by an existing targets metadata; and the written file content is heavily restricted, since it needs to be a valid, signed targets file. • https://github.com/theupdateframework/python-tuf/commit/4ad7ae48fda594b640139c3b7eae21ed5155a102 https://github.com/theupdateframework/python-tuf/issues/1527 https://github.com/theupdateframework/python-tuf/security/advisories/GHSA-wjw6-2cqr-j4qr • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •