CVE-2020-28949 – PEAR Archive_Tar Deserialization of Untrusted Data Vulnerability
https://notcve.org/view.php?id=CVE-2020-28949
Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed. Archive_Tar versiones hasta 1.4.10, presenta una desinfección del nombre de archivo :// solo para abordar los ataques phar y, por lo tanto, cualquier otro ataque de empaquetado de flujo (tal y como file:// para sobrescribir archivos) aún puede tener éxito A flaw was found in the Archive_Tar package. PEAR Archive_Tar could allow a local authenticated attacker to bypass security restrictions caused by a stream-wrapper attack. An attacker can overwrite arbitrary files on the system using a specially-crafted tar archive. PEAR Archive_Tar allows an unserialization attack because phar: is blocked but PHAR: is not blocked. • https://github.com/0x240x23elu/CVE-2020-28948-and-CVE-2020-28949 https://github.com/JinHao-L/PoC-for-CVE-2020-28948-CVE-2020-28949 http://packetstormsecurity.com/files/161095/PEAR-Archive_Tar-Arbitrary-File-Write.html https://github.com/pear/Archive_Tar/issues/33 https://lists.debian.org/debian-lts-announce/2020/11/msg00045.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42GPGVVFTLJYAKRI75IVB5R45NYQGEUR https://lists.fedoraproject.org/archives/list/pack • CWE-20: Improper Input Validation CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2020-13663
https://notcve.org/view.php?id=CVE-2020-13663
Cross Site Request Forgery vulnerability in Drupal Core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities. Una vulnerabilidad de tipo Cross Site Request Forgery en la API de Drupal Core Form no maneja apropiadamente determinadas entradas de formularios de peticiones de tipo cross-site, lo que puede conllevar a otras vulnerabilidades • https://www.drupal.org/sa-core-2020-004 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2020-11023 – Potential XSS vulnerability in jQuery
https://notcve.org/view.php?id=CVE-2020-11023
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. En jQuery versiones mayores o iguales a 1.0.3 y anteriores a la versión 3.5.0, passing HTML contiene elementos de fuentes no seguras – incluso después de sanearlo – para uno de los métodos de manipulación de jQuery ´s DOM ( i.e. html t(), adjunto (), y otros ) podrían ejecutar códigos no seguros. Este problema está corregido en JQuery 3.5.0. A flaw was found in jQuery. • https://www.exploit-db.com/exploits/49767 https://github.com/0xAJ2K/CVE-2020-11022-CVE-2020-11023 https://github.com/Cybernegro/CVE-2020-11023 https://github.com/Snorlyd/https-nj.gov---CVE-2020-11023 http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html http://packetstormsecurity.com/files/162160/jQuery-1.0.3-Cross& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-11022 – Potential XSS vulnerability in jQuery
https://notcve.org/view.php?id=CVE-2020-11022
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. En las versiones de jQuery mayores o iguales a 1.2 y anteriores a la versión 3.5.0, se puede ejecutar HTML desde fuentes no seguras, incluso después de desinfectarlo, a uno de los métodos de manipulación DOM de jQuery (es decir .html (), .append () y otros). código no seguro Este problema está corregido en jQuery 3.5.0. A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser. jQuery version 1.2 suffers from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/49766 https://github.com/0xAJ2K/CVE-2020-11022-CVE-2020-11023 https://github.com/ossf-cve-benchmark/CVE-2020-11022 https://github.com/Snorlyd/https-nj.gov---CVE-2020-11022 http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00067.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00085.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00039.html http://packetstormsecurity.com/files/162159/jQuery-1.2& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-11831
https://notcve.org/view.php?id=CVE-2019-11831
The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does not prevent directory traversal, which allows attackers to bypass a deserialization protection mechanism, as demonstrated by a phar:///path/bad.phar/../good.phar URL. El paquete PharStreamWrapper (también conocido como phar-stream-wrapper), versiones 2.x anteriores a 2.1.1 y 3.x anteriores a 3.1.1 para TYPO3, no impide el salto de directorio, lo que permite a los atacantes eludir un mecanismo de protección de deserialización, como lo demuestra una URL phar:///path/bad.phar/../good.phar. • http://www.securityfocus.com/bid/108302 https://github.com/TYPO3/phar-stream-wrapper/releases/tag/v2.1.1 https://github.com/TYPO3/phar-stream-wrapper/releases/tag/v3.1.1 https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/65ODQHDHWR74L6TCAPAQR5FQHG6MCXAW https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QDJVUJPUW3RZ4746SC6BX4F4T6ZXNBH https://lists.fedoraproject. • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-502: Deserialization of Untrusted Data •