fs.openAsBlob() can bypass the experimental permission model when using the file system read restriction with the --allow-fs-read flag in Node.js 20. This flaw arises from a missing check in the fs.op ...
September 07, 2024
gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.11.0, commitments to private witnesses in Groth16 as implemented break the zero-knowledge property. ...
September 07, 2024
This report concerns the Groth16 prover when used with commitments (as in frontend.Committer). To simplify exposition of the issue, I will focus on the case of a single commitment, to only private wit ...
September 07, 2024
Hoverfly allows an arbitrary file read in the /api/v2/simulation endpoint (GHSL-2023-274) in ...
September 07, 2024
Impact: Users running the Synthetic Monitoring agent in their local network are impacted. The authentication token used to communicate with the Synthetic Monitoring API is exposed through a debugging endp ...
September 07, 2024
SuiteCRM is an open-source customer relationship management (CRM) system. Prior to version 7.14.5 and 8.6.2, insufficient access control checks allow a threat actor to delete records via the API. Vers ...
September 07, 2024
XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag ( <!DOCTYPE foo [<!ENTITY example SYSTEM & ...
September 07, 2024