TL;DR Gogs is an open source self-hosted Git service. In the version 0.13.2 and prior, there is a stored Cross-Site Scripting (XSS) vulnerability, which allows client-side Javascript code execution. The vulnerability is caused by the usage of a vulnerable and outdated component: pdfjs-1.4.20 under public/plugins/. This issue has been fixed for gogs.io/gogs in version 0.13.3. […]
Non proverò a farvi tornare alla memoria la vostra infanzia da nerd, i primi computer o con quale software vi siete approcciati all’informatica (io non mi ricordo ad essere onesto, qualcosa come Bearshare o MSN…). Preferisco piuttosto parlare degli errori che ho fatto, cosa faccio oggi e dove spero di arrivare tra qualche anno. Buona […]
TL;DR A Server-Side Template Injection (SSTI) vulnerability in spacy-llm <= v0.7.2 allows attackers to execute arbitrary code via injecting a crafted payload into the template field. Update spacy-llm to version v0.7.3 or later. What is spaCy spaCy is an open-source software library for advanced natural language processing (NLP), written in the programming languages Python and […]
TL;DR A Server Side Template Injection in changedetection.io caused by usage of unsafe functions of Jinja2 allows Remote Command Execution on the server host. Update changedetection.io to version 0.45.21 or later. A huge thanks to the mantainer (https://github.com/dgtlmoon) that was very responsive and collaborative to fix the issue, request a CVE number and inform the […]