{ "version": "https://jsonfeed.org/version/1", "title": "Security Advisory for Erlang/Elixir packages hosted at hex.pm", "home_page_url": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Aerlang", "feed_url": "https://azu.github.io/github-advisory-database-rss/erlang.json", "description": "Security Advisory for Erlang/Elixir packages hosted at hex.pm on GitHub", "items": [ { "content_html": "
In the Samly package before 1.4.0 for Elixir, Samly.State.Store.get_assertion/3
can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and does not replace it, even after expiry.
The mod_pubsub
module (mod_pubsub.erl) in ejabberd 2.1.8 and 3.0.0-alpha-3 allows remote authenticated users to cause a denial of service (infinite loop) via a stanza with a publish tag that lacks a node attribute.
The mod_pubsub
module (mod_pubsub.erl) in ejabberd 2.1.8 and 3.0.0-alpha-3 allows remote authenticated users to cause a denial of service (infinite loop) via a stanza with a publish tag that lacks a node attribute.
A vulnerability was found in kphrx pleroma. It has been classified as problematic. This affects the function Pleroma.Emoji.Pack
of the file lib/pleroma/emoji/pack.ex
. The manipulation of the argument name leads to path traversal. The complexity of an attack is rather high. The exploitability is told to be difficult. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named 2c795094535537a8607cc0d3b7f076a609636f40. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-242187.
In the mtproto_proxy (aka MTProto proxy) component through 0.7.2 for Erlang, a low-privileged remote attacker can access an improperly secured default installation without authenticating and achieve remote command execution ability.
\nStark Bank is a financial technology company that provides services to simplify and automate digital banking, by providing APIs to perform operations such as payments and transfers. In addition, Stark Bank maintains a number of cryptographic libraries to perform cryptographic signing and verification. These popular libraries are meant to be used to integrate with the Stark Bank ecosystem, but are also accessible on popular package manager platforms in order to be used by other projects. The node package manager reports around 16k weekly downloads for the ecdsa-node implementation while the Python implementation boasts over 7.3M downloads in the last 90 days on PyPI. A number of these libraries suffer from a vulnerability in the signature verification functions, allowing attackers to forge signatures for arbitrary messages which successfully verify with any public key.
\nAn attacker can forge signatures on arbitrary messages that will verify for any public key. This may allow attackers to authenticate as any user within the Stark Bank platform, and bypass signature verification needed to perform operations on the platform, such as send payments and transfer funds. Additionally, the ability for attackers to forge signatures may impact other users and projects using these libraries in different and unforeseen ways.
\nThe (slightly simplified) ECDSA verification of a signature (r, s) on a hashed message z with public key Q and curve order n works as follows:
\nThe (slightly simplified) ECDSA verification of a signature (r, s) on a hashed message z with public key Q and curve order n works as follows:
\nThe ECDSA signature verification functions in the libraries listed above fail to perform the first check, ensuring that the r and s components of the signatures are in the correct range. Specifically, the libraries are not checking that the components of the signature are non-zero, which is an important check mandated by the standard, see X9.62:2005, Section 7.4.1/a:
\n\n\n\n
\n- If r’ is not an integer in the interval [1, n-1], then reject the signature.
\n- If s’ is not an integer in the interval [1, n-1], then reject the signature.
\n
For example, consider the following excerpt of the verify function from the ecdsa-python implementation.
\ndef verify(cls, message, signature, publicKey, hashfunc=sha256):\n byteMessage = hashfunc(toBytes(message)).digest()\n numberMessage = numberFromByteString(byteMessage)\n curve = publicKey.curve\n r = signature.r\n s = signature.s\n inv = Math.inv(s, curve.N)\n u1 = Math.multiply(curve.G, n=(numberMessage * inv) % curve.N, N=curve.N, A=curve.A, P=curve.P)\n u2 = Math.multiply(publicKey.point, n=(r * inv) % curve.N, N=curve.N, A=curve.A, P=curve.P)\n add = Math.add(u1, u2, A=curve.A, P=curve.P)\n modX = add.x % curve.N\n return r == modX\n
\nIn that code snippet, the values r
and s
are extracted from the signature without any range check. An attacker supplying a signature equal to (r, s) = (0, 0)
will not see their signature rejected. Proceeding with the verification, this function computes the inverse of the s
component. Note that the Math.inv()
function returns zero when supplied with a zero input (even though 0 does not admit an inverse). The code then computes the values u1 = inv * numberMessage * G
and u2 = inv * r * Q
, but since inv
is zero, u1
and u2
will both be zero, i.e., the point at infinity, regardless of the value of numberMessage (the message hash, which we called z above) and Q (the public key). Subsequently, the implementation computes the intermediary curve point add by adding up the two previously computed points, which again results in the point at infinity. The final line checks that the r-component of the signature is equal to the x-coordinate of the curve point, essentially checking that 0 == 0
for all any message and any public key. Therefore, a signature (r, s) = (0, 0)
is deemed valid by the code for any message, and under any public key.
Users of the different Stark Bank ECDSA libraries should update to the latest versions. Specifically, versions larger or at least equal to the following should be used.
\nUse of Pow.Store.Backend.MnesiaCache
is susceptible to session hijacking as expired keys are not being invalidated correctly on startup. A cache key may become expired when all Pow.Store.Backend.MnesiaCache
instances have been shut down for a period that is longer than the keys' remaining TTL and the expired key won't be invalidated on startups.
The expired keys, including all expired sessions, can be manually invalidated by running:
\n:mnesia.sync_transaction(fn ->\n Enum.each(:mnesia.dirty_select(Pow.Store.Backend.MnesiaCache, [{{Pow.Store.Backend.MnesiaCache, :_, :_}, [], [:\"$_\"]}]), fn {_, key, {_value, expire}} ->\n ttl = expire - :os.system_time(:millisecond)\n if ttl < 0, do: :mnesia.delete({Pow.Store.Backend.MnesiaCache, key})\n end)\nend)\n
\nhttps://github.com/pow-auth/pow/commit/15dc525be03c466daa5d2119ca7acdec7b24ed17\nhttps://github.com/pow-auth/pow/issues/713\nhttps://github.com/pow-auth/pow/pull/714
\nThe Phoenix team designed Phoenix.Controller.redirect/2
to protect against redirects allowing user input to redirect to an external URL where your application code otherwise assumes a local path redirect. This is why the :to
option is used for “local” URL redirects and why you must pass the :external
option to intentionally allow external URLs to be redirected to. It has been disclosed that carefully crafted user input may be treated by some browsers as an external URL. An attacker can use this vulnerability to aid in social engineering attacks. The most common use would be to create highly believable phishing attacks. For example, the following user input would pass local URL validation, but be treated by Chrome and Firefox as external URLs: \nhttp://localhost:4000/?redirect=/\\nexample.com
\nNot all browsers are affected, but latest Chrome and Firefox will issue a get request for example.com
and successfully redirect externally
The Phoenix team designed Phoenix.Controller.redirect/2
to protect against redirects allowing user input to redirect to an external URL where your application code otherwise assumes a local path redirect. This is why the :to
option is used for “local” URL redirects and why you must pass the :external
option to intentionally allow external URLs to be redirected to. It has been disclosed that carefully crafted user input may be treated by some browsers as an external URL. An attacker can use this vulnerability to aid in social engineering attacks. The most common use would be to create highly believable phishing attacks. For example, the following user input would pass local URL validation, but be treated by Chrome and Firefox as external URLs: \nhttp://localhost:4000/?redirect=/\\nexample.com
\nNot all browsers are affected, but latest Chrome and Firefox will issue a get request for example.com
and successfully redirect externally
The Phoenix team designed Phoenix.Controller.redirect/2
to protect against redirects allowing user input to redirect to an external URL where your application code otherwise assumes a local path redirect. This is why the :to
option is used for “local” URL redirects and why you must pass the :external
option to intentionally allow external URLs to be redirected to. It has been disclosed that carefully crafted user input may be treated by some browsers as an external URL. An attacker can use this vulnerability to aid in social engineering attacks. The most common use would be to create highly believable phishing attacks. For example, the following user input would pass local URL validation, but be treated by Chrome and Firefox as external URLs: \nhttp://localhost:4000/?redirect=/\\nexample.com
\nNot all browsers are affected, but latest Chrome and Firefox will issue a get request for example.com
and successfully redirect externally
On Windows, it is possible to open a livebook://
link from a browser which opens Livebook Desktop and triggers arbitrary code execution on victim's machine.
Any user using Livebook Desktop on Windows is potentially vulnerable to arbitrary code execution when they expect Livebook to be opened from browser.
\nOn Windows, it is possible to open a livebook://
link from a browser which opens Livebook Desktop and triggers arbitrary code execution on victim's machine.
Any user using Livebook Desktop on Windows is potentially vulnerable to arbitrary code execution when they expect Livebook to be opened from browser.
\nEcto 2.2.0 lacks a certain protection mechanism associated with the interaction between is_nil
and raise
.
tag.ex in Phoenix Phoenix.HTML (aka phoenix_html) before 3.0.4 allows XSS in HEEx class attributes
\nsocket/transport.ex in Phoenix before 1.6.14 mishandles check_origin wildcarding. NOTE: LiveView applications are unaffected by default because of the presence of a LiveView CSRF token.
\nPivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack via the vhost or node name fields that could grant access to virtual hosts and policy management information.
\nPivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack via the vhost or node name fields that could grant access to virtual hosts and policy management information.
\nElixir's vim plugin, alchemist.vim is vulnerable to remote code execution in the bundled alchemist-server. A malicious website can execute requests against an ephemeral port on localhost that are then evaluated as elixir code.
\nErlang Solutions MongooseIM through 1.3.1 rev. 2 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an \"xmppbomb\" attack.
\nPivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The \"X-Reason\" HTTP Header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing.
\n