CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2024-52577 |
Description: In Apache Ignite versions from 2.6.0 and before 2.17.0, configured Class Serialization Filters are ignored for some Ignite endpoints. The vulnerability could be exploited if an attacker manually crafts an Ignite message containing a vulnerable object whose class is present in the Ignite server classpath and sends it to Ignite server endpoints. Deserialization of such a message by the Ignite server may result in the execution of arbitrary code on the Apache Ignite server side.
References
https://nvd.nist.gov/vuln/detail/CVE-2024-52577
https://lists.apache.org/thread/1bst0n27m9kb3b6f6hvlghn182vqb2hh
https://github.com/apache/ignite/commit/f1d3579eabb2c6f5b11b94d58600afc497a8603d
http://www.openwall.com/lists/oss-security/2025/02/14/2
https://github.com/advisories/GHSA-8355-xj3p-hv6q
CVSS: CRITICAL (9.5) EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
|
[keylime] Keylime registrar is vulnerable to Denial-of-Service attack when updated to version 7.12.0
Description: Impact
The Keylime registrar implemented more strict type checking on version 7.12.0. As a result, when updated to version 7.12.0, the registrar will not accept the format of the data previously stored in the database by versions >= 7.8.0, raising an exception.
This makes the Keylime registrar vulnerable to a Denial-of-Service attack in an update scenario, as an attacker could populate the registrar database by creating multiple valid agent registrations with different UUIDs while the version is still < 7.12.0. Then, when the Keylime registrar is updated to the 7.12.0 version, any query to the database matching any of the entries populated by the attacker will result in failure.
Patches
Users should upgrade to versions >= 7.12.1
Workarounds
Remove the registrar database and re-register all agents
Credit
Reported by: Anderson Toshiyuki Sasaki/@ansasaki
Patched by: Anderson Toshiyuki Sasaki/@ansasaki
References
https://github.com/keylime/keylime/security/advisories/GHSA-9jxq-5x44-gx23
https://github.com/keylime/keylime/commit/e08b10d86c3717006774e787542c190e2ba24fc7
https://github.com/advisories/GHSA-9jxq-5x44-gx23
February 14th, 2025 (5 months ago)
|
|
|
Description: The North Korean threat actor known as the Lazarus Group has been linked to a previously undocumented JavaScript implant named Marstech1 as part of limited targeted attacks against developers.
The active operation has been dubbed Marstech Mayhem by SecurityScorecard, with the malware delivered by means of an open-source repository hosted on GitHub that's associated with a profile named "
February 14th, 2025 (5 months ago)
|
|
|
Description: Credible Security's founders bring their varied experiences to help growing companies turn trust into a strategic advantage.
February 14th, 2025 (5 months ago)
|
|
|
Description: FDA and HHS sites now note that “The Trump Administration rejects gender ideology and condemns the harms it causes to children.”
February 14th, 2025 (5 months ago)
|
|
|
Description: Summary
The vlSelectionTuples function can be used to call JavaScript functions, leading to XSS.
Details
vlSelectionTuples calls multiple functions that can be controlled by an attacker, including one call with an attacker-controlled argument.
Example call: vlSelectionTuples([{datum:}], {fields:[{getter:}]})
This can be used to call Function() with arbitrary JavaScript and the resulting function can be called with vlSelectionTuples or using a type coercion to call toString or valueOf.
PoC
{"$schema":"https://vega.github.io/schema/vega/v5.json","signals":[{"name":"a","init":"+{valueOf:vlSelectionTuples([{datum:'alert(1)'}],{fields:[{getter:[].at.constructor}]})[0].values[0]}"}]}
References
https://github.com/vega/vega/security/advisories/GHSA-mp7w-mhcv-673j
https://github.com/vega/vega/commit/9fb9ea07e27984394e463d286eb73944fa61411e
https://github.com/advisories/GHSA-mp7w-mhcv-673j
February 14th, 2025 (5 months ago)
|
|
|
Description: Summary
The vlSelectionTuples function can be used to call JavaScript functions, leading to XSS.
Details
vlSelectionTuples calls multiple functions that can be controlled by an attacker, including one call with an attacker-controlled argument.
Example call: vlSelectionTuples([{datum:}], {fields:[{getter:}]})
This can be used to call Function() with arbitrary JavaScript and the resulting function can be called with vlSelectionTuples or using a type coercion to call toString or valueOf.
PoC
{"$schema":"https://vega.github.io/schema/vega/v5.json","signals":[{"name":"a","init":"+{valueOf:vlSelectionTuples([{datum:'alert(1)'}],{fields:[{getter:[].at.constructor}]})[0].values[0]}"}]}
References
https://github.com/vega/vega/security/advisories/GHSA-mp7w-mhcv-673j
https://github.com/vega/vega/commit/9fb9ea07e27984394e463d286eb73944fa61411e
https://github.com/advisories/GHSA-mp7w-mhcv-673j
February 14th, 2025 (5 months ago)
|
|
|
Description: Summary
By crafting specific options parameters, the endpoint.parse(options) call can be triggered, leading to a regular expression denial-of-service (ReDoS) attack. This causes the program to hang and results in high CPU utilization.
Details
The issue occurs in the parse function within the parse.ts file of the npm package @octokit/endpoint. The specific code is located at the following link: https://github.com/octokit/endpoint.js/blob/main/src/parse.ts, at line 62:
headers.accept.match(/[\w-]+(?=-preview)/g) || ([] as string[]);
The regular expression /[\w-]+(?=-preview)/g encounters a backtracking issue when it processes a large number of characters followed by the - symbol.
e.g., the attack string:
"" + "A".repeat(100000) + "-"
PoC
The gist
Here is the reproduction process for the vulnerability:
run 'npm i @octokit/endpoint'
Move poc.js to the root directory of the same level as README.md
run 'node poc.js'
result:
then the program will stuck forever with high CPU usage
import { endpoint } from "@octokit/endpoint";
// import { parse } from "./node_modules/@octokit/endpoint/dist-src/parse.js";
const options = {
method: "POST",
url: "/graphql", // Ensure that the URL ends with "/graphql"
headers: {
accept: "" + "A".repeat(100000) + "-", // Pass in the attack string
"content-type": "text/plain",
},
mediaType: {
previews: ["test-preview"], // Ensure that mediaType.previews exists and has values
format: "raw", // Optional media format
},
...
February 14th, 2025 (5 months ago)
|
|
|
Description: Summary
For the npm package @octokit/plugin-paginate-rest, when calling octokit.paginate.iterator(), a specially crafted octokit instance—particularly with a malicious link parameter in the headers section of the request—can trigger a ReDoS attack.
Details
The issue occurs at line 39 of iterator.ts in the @octokit/plugin-paginate-rest repository. The relevant code is as follows:
url = ((normalizedResponse.headers.link || "").match(
/<([^>]+)>;\s*rel="next"/,
) || [])[1];
The regular expression /<([^>]+)>;\s*rel="next"/ may lead to a potential backtracking vulnerability, resulting in a ReDoS (Regular Expression Denial of Service) attack. This could cause high CPU utilization and even service slowdowns or freezes when processing specially crafted Link headers.
PoC
The gist of PoC.js
run npm i @octokit/plugin-paginate-rest
run 'node poc.js'
result:
then the program will stuck forever with high CPU usage
import { Octokit } from "@octokit/core";
import { paginateRest } from "@octokit/plugin-paginate-rest";
const MyOctokit = Octokit.plugin(paginateRest);
const octokit = new MyOctokit({
auth: "your-github-token",
});
// Intercept the request to inject a malicious 'link' header for ReDoS
octokit.hook.wrap("request", async (request, options) => {
const maliciousLinkHeader = "" + "<".repeat(100000) + ">"; // attack string
return {
data: [],
headers: {
link: maliciousLinkHeader, // Inject malicious 'link' header
},
};
});
// Trigger the ReDoS attack ...
February 14th, 2025 (5 months ago)
|
|
|
Description: Summary
A Regular Expression Denial of Service (ReDoS) vulnerability exists in the processing of HTTP request headers. By sending an authorization header containing an excessively long sequence of spaces followed by a newline and "@", an attacker can exploit inefficient regular expression processing, leading to excessive resource consumption. This can significantly degrade server performance or cause a denial-of-service (DoS) condition, impacting availability.
Details
The issue occurs at line 52 of iterator.ts in the @octokit/request-error repository.
The vulnerability is caused by the use of an inefficient regular expression in the handling of the authorization header within the request processing logic:
authorization: options.request.headers.authorization.replace(
/ .*$/,
" [REDACTED]"
)
The regular expression / .*$/ matches a space followed by any number of characters until the end of the line. This pattern is vulnerable to Regular Expression Denial of Service (ReDoS) when processing specially crafted input. Specifically, an attacker can send an authorization header containing a long sequence of spaces followed by a newline and "@", such as:
headers: {
authorization: "" + " ".repeat(100000) + "\n@",
}
Due to the way JavaScript's regular expression engine backtracks while attempting to match the space followed by arbitrary characters, this input can cause excessive CPU usage, significantly slowing down or even freezing the server. This leads to a denial-of-servi...
February 14th, 2025 (5 months ago)
|