In GitLab versions before 17.1.6, 17.2.4, and 17.3.1 a medium severity vulnerability CVE-2024-8041 was detected. A DoS vulnerability can disrupt the service by importing a malicious repository through the GitHub importer. To fix this problem, users should upgrade to version 17.1.6, 17.2.4, 17.3.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-8041.
Read more Developer Tools
In GitLab versions from 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1 a medium severity vulnerability CVE-2024-7110 was detected. This vulnerability allows attackers to execute arbitrary commands in a victim’s pipeline through prompt injection. To fix this problem, users should upgrade GitLab to versions 17.1.6, 17.2.4, or 17.3.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-7110.
Read more Developer Tools
In NPM Matrix messaging protocol Client-Server SDK for JavaScript a medium severity vulnerability CVE-2024-42369 was detected. A malicious homeserver can create a cyclic room structure, causing infinite recursion in getRoomUpgradeHistory and affecting ‘leaveRoomChain()’. Fixed in version 34.3.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-42369.
Read more Developer Tools
In Flask-cors versions 4.0.1 a high severity vulnerability CVE-2024-6221 was detected. This vulnerability allows attackers to access private network resources without permission, potentially leading to data theft or unauthorized access to sensitive information. To fix this problem, users should upgrade Flask-cors to version 4.0.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-6221.
Read more Application Development
In CKAN versions before 2.0.0 and 2.10.5 a medium severity vulnerability CVE-2024-41674 was detected. This vulnerability allows potential exposure of sensitive information, like internal Solr URLs and credentials, in error messages when there are connection issues between CKAN and the Solr server. To fix this issue, users must upgrade CKAN to versions 2.10.5 and 2.11.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-41674.
Read more Data Analytics
In CKAN versions 2.10.5 and earlier a medium severity vulnerability CVE-2024-43371 was detected. CKAN plugins that download content from resource URLs lack restrictions on what URLs can be accessed, making them vulnerable to Server Side Request Forgery (SSRF) attacks. To fix this problem, users should upgrade to version 2.10.5 or 2.11.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-43371.
Read more Data Analytics
In Joomla versions 3.0.0-3.10.16-elts, 4.0.0-4.4.6, 5.0.0-5.1.2 a critical severity vulnerability CVE-2024-27185 was detected. The pagination class incorporates arbitrary parameters into links, potentially enabling cache poisoning attacks. To fix this problem, users should upgrade to version 3.10.17-elts, 4.4.7, or 5.1.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-27185.
Read more CMS
In Apache Airflow versions before 2.10.0 a medium severity vulnerability CVE-2024-41937 was detected. This vulnerability allows attackers to potentially run harmful scripts on a user’s browser when they click on a provider link in Apache Airflow, potentially leading to data theft. To fix this problem, users should upgrade Apache Airflow to version 2.10.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-41937.
Read more Data Analytics
In WooCommerce versions prior from n/a through 9.1.2 a medium severity vulnerability CVE-2024-39666 was detected. This security flaw allows hackers to insert harmful code into web pages. To fix this problem, users should upgrade to WooCommerce version 9.1.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-39666.
Read more E-commerce