WordPress before 5.8 lacks support for the Update URI plugin header. This makes it easier for remote attackers to execute arbitrary code via a supply-chain attack against WordPress installations that use any plugin for which the slug satisfies the naming constraints of the Plugin Directory but is not yet present in that directory.

An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users (with control of the non-root-owned directory /etc/quagga) to escalate their privileges to root upon package installation or update.

Armeria is an open source microservice framework. In affected versions an attacker can access an Armeria server's local file system beyond its restricted directory by sending an HTTP request whose path contains `%2F` (encoded `/`), such as `/files/.%2Fsecrets.txt`, bypassing Armeria's path validation logic. Armeria 1.13.4 or above contains the hardened path validation logic that handles `%2F` properly. This vulnerability can be worked around by inserting a decorator that performs an additional validation on the request path.

Nodebb is an open source Node.js based forum software. Prior to v1.18.5, a path traversal vulnerability was present that allowed users to access JSON files outside of the expected `languages/` directory. The vulnerability has been patched as of v1.18.5.

Aim is an open-source, self-hosted machine learning experiment tracking tool. Users are advised to upgrade as soon as possible.