CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: Rachel Hunter Allegedly Leaked the Data of Bames Excellent School
February 6th, 2025 (5 months ago)
|
|
|
Description: CISA warned U.S. federal agencies on Thursday to secure their systems against ongoing attacks targeting a critical Microsoft Outlook remote code execution (RCE) vulnerability. [...]
February 6th, 2025 (5 months ago)
|
|
|
Description: Summary
An unsafe parsing logic of the URL from markdown can lead to arbitrary JavaScript code due to a bypass to the existing guards around the javascript: protocol scheme in the URL.
Details
The parsing logic implement at https://github.com/nuxt-modules/mdc/blob/main/src/runtime/parser/utils/props.ts#L16 maintains a deny-list approach to filtering potential malicious payload. It does so by matching protocol schemes like javascript: and others.
Specifically, this is the code from the mdc library's parser that is not secure enough:
export const unsafeLinkPrefix = [
'javascript:',
'data:text/html',
'vbscript:',
'data:text/javascript',
'data:text/vbscript',
'data:text/css',
'data:text/plain',
'data:text/xml'
]
export const validateProp = (attribute: string, value: string) => {
if (attribute.startsWith('on')) {
return false
}
if (attribute === 'href' || attribute === 'src') {
return !unsafeLinkPrefix.some(prefix => value.toLowerCase().startsWith(prefix))
}
return true
}
These security guards can be bypassed by an adversarial that provides JavaScript URLs with HTML entities encoded via hex string.
PoC
The following URL payloads if provided to the markdown parsing library (such as through the usage of import { parseMarkdown } from '@nuxtjs/mdc/runtime';) will trigger the alert() dialog:
# ✅ This is correctly escaped by the parser
- XSS Attempt:
this gets sanitizied, yay!
# ❌ These are vulnerable and not escaped
- Bypass 1:
Click Me 1
...
February 6th, 2025 (5 months ago)
|
|
|
Description: RipperSec Targeted the Website of Tripadvisor India
February 6th, 2025 (5 months ago)
|
|
|
Description: A Threat Actor Allegedly Leaked the Data of V2F Company
February 6th, 2025 (5 months ago)
|
|
|
Description: The version of rtmpdump contained in this package has multiple known vulnerabilities.
Patches
This package is abandoned and should not be used anymore.
There is no patched release.
Workarounds
You should install rmtpdump from another source.
References
https://github.com/advisories/GHSA-fm48-q5qq-894j
https://github.com/advisories/GHSA-pfv7-grcx-8gcc
https://github.com/advisories/GHSA-hg4c-2mw4-gwpm
References
https://github.com/Rudloff/rtmpdump-bin/security/advisories/GHSA-vrpv-vw92-328g
https://github.com/advisories/GHSA-fm48-q5qq-894j
https://github.com/advisories/GHSA-hg4c-2mw4-gwpm
https://github.com/advisories/GHSA-pfv7-grcx-8gcc
https://github.com/advisories/GHSA-vrpv-vw92-328g
February 6th, 2025 (5 months ago)
|
|
|
Description: Impact
In mitmweb 11.1.0 and below, a malicious client can use mitmweb's proxy server (bound to *:8080 by default) to access mitmweb's internal API (bound to 127.0.0.1:8081 by default). In other words, while the client cannot access the API directly (good), they can access the API through the proxy (bad). An attacker may be able to escalate this SSRF-style access to remote code execution.
The mitmproxy and mitmdump tools are unaffected. Only mitmweb is affected. The block_global option, which is enabled by default, blocks connections originating from publicly-routable IP addresses in the proxy. The attacker needs to be in the same local network.
Patches
The vulnerability has been fixed in mitmproxy 11.1.2 and above.
Acknowledgements
We thank Stefan Grönke (@gronke) for reporting this vulnerability as part of a security audit by Radically Open Security. This audit was supported by the NGI0 Entrust fund established by NLnet.
Timeline
2025-01-14: Received initial report.
2025-01-14: Verified report and confirmed receipt.
2025-01-19: Shared patch with researcher.
2025-02-04: Received final confirmation that patch is working.
2025-02-05: Published patched release and advisory.
References
https://github.com/mitmproxy/mitmproxy/security/advisories/GHSA-wg33-5h85-7q5p
https://github.com/mitmproxy/mitmproxy/commit/fa89055e196d953f11fd241e36ee37858993486a
https://github.com/mitmproxy/mitmproxy/blob/main/CHANGELOG.md
https://github.com/advisories/GHSA-wg33-5h85-7q5p
February 6th, 2025 (5 months ago)
|
|
|
Description: Hackers are targeting vulnerable SimpleHelp RMM clients to create administrator accounts, drop backdoors, and potentially lay the groundwork for ransomware attacks. [...]
February 6th, 2025 (5 months ago)
|
|
|
Description: Counter Claims to have Leaked the Data of Ten Ten Shoes
February 6th, 2025 (5 months ago)
|
|
|
Description: Cisco has fixed two critical Identity Services Engine (ISE) vulnerabilities that can let attackers with read-only admin privileges bypass authorization and run commands as root. [...]
February 6th, 2025 (5 months ago)
|