<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the most 10 recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Thu, 16 Jul 2026 20:55:32 +0000</lastBuildDate>
    <item>
      <title>411562dc-dd08-4a71-8b1c-fc03d52e1fb4</title>
      <link>https://vulnerability.circl.lu/sighting/411562dc-dd08-4a71-8b1c-fc03d52e1fb4/export</link>
      <description>{"uuid": "411562dc-dd08-4a71-8b1c-fc03d52e1fb4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23542", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12066", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-23542\n\ud83d\udd25 CVSS Score: 7.7 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L)\n\ud83d\udd39 Description: OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. During an internal security assessment, it was discovered that OpenFGA version 0.3.0 is vulnerable to authorization bypass under certain conditions. This issue has been patched in version 0.3.1 and is backward compatible.\n\n\n\ud83d\udccf Published: 2022-12-20T20:15:16.628Z\n\ud83d\udccf Modified: 2025-04-16T14:43:38.712Z\n\ud83d\udd17 References:\n1. https://github.com/openfga/openfga/security/advisories/GHSA-m3q4-7qmj-657m\n2. https://github.com/openfga/openfga/pull/422\n3. https://github.com/openfga/openfga/releases/tag/v0.3.1", "creation_timestamp": "2025-04-16T14:56:36.000000Z"}</description>
      <content:encoded>{"uuid": "411562dc-dd08-4a71-8b1c-fc03d52e1fb4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23542", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12066", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-23542\n\ud83d\udd25 CVSS Score: 7.7 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L)\n\ud83d\udd39 Description: OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. During an internal security assessment, it was discovered that OpenFGA version 0.3.0 is vulnerable to authorization bypass under certain conditions. This issue has been patched in version 0.3.1 and is backward compatible.\n\n\n\ud83d\udccf Published: 2022-12-20T20:15:16.628Z\n\ud83d\udccf Modified: 2025-04-16T14:43:38.712Z\n\ud83d\udd17 References:\n1. https://github.com/openfga/openfga/security/advisories/GHSA-m3q4-7qmj-657m\n2. https://github.com/openfga/openfga/pull/422\n3. https://github.com/openfga/openfga/releases/tag/v0.3.1", "creation_timestamp": "2025-04-16T14:56:36.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/411562dc-dd08-4a71-8b1c-fc03d52e1fb4/export</guid>
      <pubDate>Wed, 16 Apr 2025 14:56:36 +0000</pubDate>
    </item>
    <item>
      <title>57ab7391-5b78-4a45-a381-f44beb08eebc</title>
      <link>https://vulnerability.circl.lu/sighting/57ab7391-5b78-4a45-a381-f44beb08eebc/export</link>
      <description>{"uuid": "57ab7391-5b78-4a45-a381-f44beb08eebc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23547", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11751", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-23547\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H)\n\ud83d\udd39 Description: PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. This issue is similar to GHSA-9pfh-r8x4-w26w. Possible buffer overread when parsing a certain STUN message. The vulnerability affects applications that uses STUN including PJNATH and PJSUA-LIB. The patch is available as commit in the master branch.\n\ud83d\udccf Published: 2022-12-23T14:00:22.817Z\n\ud83d\udccf Modified: 2025-04-15T03:12:28.456Z\n\ud83d\udd17 References:\n1. https://github.com/pjsip/pjproject/security/advisories/GHSA-cxwq-5g9x-x7fr\n2. https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w\n3. https://github.com/pjsip/pjproject/commit/bc4812d31a67d5e2f973fbfaf950d6118226cf36\n4. https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html", "creation_timestamp": "2025-04-15T03:54:32.000000Z"}</description>
      <content:encoded>{"uuid": "57ab7391-5b78-4a45-a381-f44beb08eebc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23547", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11751", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-23547\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H)\n\ud83d\udd39 Description: PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. This issue is similar to GHSA-9pfh-r8x4-w26w. Possible buffer overread when parsing a certain STUN message. The vulnerability affects applications that uses STUN including PJNATH and PJSUA-LIB. The patch is available as commit in the master branch.\n\ud83d\udccf Published: 2022-12-23T14:00:22.817Z\n\ud83d\udccf Modified: 2025-04-15T03:12:28.456Z\n\ud83d\udd17 References:\n1. https://github.com/pjsip/pjproject/security/advisories/GHSA-cxwq-5g9x-x7fr\n2. https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w\n3. https://github.com/pjsip/pjproject/commit/bc4812d31a67d5e2f973fbfaf950d6118226cf36\n4. https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html", "creation_timestamp": "2025-04-15T03:54:32.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/57ab7391-5b78-4a45-a381-f44beb08eebc/export</guid>
      <pubDate>Tue, 15 Apr 2025 03:54:32 +0000</pubDate>
    </item>
    <item>
      <title>699b2658-2405-455e-a314-7df30cc8e797</title>
      <link>https://vulnerability.circl.lu/sighting/699b2658-2405-455e-a314-7df30cc8e797/export</link>
      <description>{"uuid": "699b2658-2405-455e-a314-7df30cc8e797", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23546", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7070", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-23546\n\ud83d\udd25 CVSS Score: 5.5 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: In version 2.9.0.beta14 of Discourse, an open-source discussion platform, maliciously embedded urls can leak an admin's digest of recent topics, possibly exposing private information. A patch is available for version 2.9.0.beta15. There are no known workarounds for this issue.\n\ud83d\udccf Published: 2023-01-05T18:10:08.048Z\n\ud83d\udccf Modified: 2025-03-10T21:32:03.679Z\n\ud83d\udd17 References:\n1. https://github.com/discourse/discourse/security/advisories/GHSA-q9jp-xv4g-328f\n2. https://github.com/discourse/discourse/commit/cf862e736565c6fa905c12b5dbe63d0bd056efb8", "creation_timestamp": "2025-03-10T21:39:27.000000Z"}</description>
      <content:encoded>{"uuid": "699b2658-2405-455e-a314-7df30cc8e797", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23546", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7070", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-23546\n\ud83d\udd25 CVSS Score: 5.5 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)\n\ud83d\udd39 Description: In version 2.9.0.beta14 of Discourse, an open-source discussion platform, maliciously embedded urls can leak an admin's digest of recent topics, possibly exposing private information. A patch is available for version 2.9.0.beta15. There are no known workarounds for this issue.\n\ud83d\udccf Published: 2023-01-05T18:10:08.048Z\n\ud83d\udccf Modified: 2025-03-10T21:32:03.679Z\n\ud83d\udd17 References:\n1. https://github.com/discourse/discourse/security/advisories/GHSA-q9jp-xv4g-328f\n2. https://github.com/discourse/discourse/commit/cf862e736565c6fa905c12b5dbe63d0bd056efb8", "creation_timestamp": "2025-03-10T21:39:27.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/699b2658-2405-455e-a314-7df30cc8e797/export</guid>
      <pubDate>Mon, 10 Mar 2025 21:39:27 +0000</pubDate>
    </item>
    <item>
      <title>97a94d5b-83aa-4a8e-9b74-95cb06343a14</title>
      <link>https://vulnerability.circl.lu/sighting/97a94d5b-83aa-4a8e-9b74-95cb06343a14/export</link>
      <description>{"uuid": "97a94d5b-83aa-4a8e-9b74-95cb06343a14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23549", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7068", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-23549\n\ud83d\udd25 CVSS Score: 5.7 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta16 on the `beta` and `tests-passed` branches, users can create posts with raw body longer than the `max_length` site setting by including html comments that are not counted toward the character limit. This issue is patched in versions 2.8.14 and 2.9.0.beta16. There are no known workarounds.\n\ud83d\udccf Published: 2023-01-05T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-10T21:32:15.478Z\n\ud83d\udd17 References:\n1. https://github.com/discourse/discourse/commit/bf6b08670a927cc80bb090b7a2e710b4b554e6a8\n2. https://github.com/discourse/discourse/security/advisories/GHSA-p47g-v5wr-p4xp", "creation_timestamp": "2025-03-10T21:39:22.000000Z"}</description>
      <content:encoded>{"uuid": "97a94d5b-83aa-4a8e-9b74-95cb06343a14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23549", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7068", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-23549\n\ud83d\udd25 CVSS Score: 5.7 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta16 on the `beta` and `tests-passed` branches, users can create posts with raw body longer than the `max_length` site setting by including html comments that are not counted toward the character limit. This issue is patched in versions 2.8.14 and 2.9.0.beta16. There are no known workarounds.\n\ud83d\udccf Published: 2023-01-05T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-10T21:32:15.478Z\n\ud83d\udd17 References:\n1. https://github.com/discourse/discourse/commit/bf6b08670a927cc80bb090b7a2e710b4b554e6a8\n2. https://github.com/discourse/discourse/security/advisories/GHSA-p47g-v5wr-p4xp", "creation_timestamp": "2025-03-10T21:39:22.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/97a94d5b-83aa-4a8e-9b74-95cb06343a14/export</guid>
      <pubDate>Mon, 10 Mar 2025 21:39:22 +0000</pubDate>
    </item>
    <item>
      <title>611245ed-f1d1-48a6-b6f3-e5988a94e981</title>
      <link>https://vulnerability.circl.lu/sighting/611245ed-f1d1-48a6-b6f3-e5988a94e981/export</link>
      <description>{"uuid": "611245ed-f1d1-48a6-b6f3-e5988a94e981", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23548", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7067", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-23548\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta16 on the `beta` and `tests-passed` branches, parsing posts can be susceptible to regular expression denial of service (ReDoS) attacks. This issue is patched in versions 2.8.14 and 2.9.0.beta16. There are no known workarounds.\n\ud83d\udccf Published: 2023-01-05T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-10T21:32:22.096Z\n\ud83d\udd17 References:\n1. https://github.com/discourse/discourse/security/advisories/GHSA-7rw2-f4x7-7pxf\n2. https://github.com/discourse/discourse/pull/19737", "creation_timestamp": "2025-03-10T21:39:21.000000Z"}</description>
      <content:encoded>{"uuid": "611245ed-f1d1-48a6-b6f3-e5988a94e981", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23548", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7067", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-23548\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta16 on the `beta` and `tests-passed` branches, parsing posts can be susceptible to regular expression denial of service (ReDoS) attacks. This issue is patched in versions 2.8.14 and 2.9.0.beta16. There are no known workarounds.\n\ud83d\udccf Published: 2023-01-05T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-10T21:32:22.096Z\n\ud83d\udd17 References:\n1. https://github.com/discourse/discourse/security/advisories/GHSA-7rw2-f4x7-7pxf\n2. https://github.com/discourse/discourse/pull/19737", "creation_timestamp": "2025-03-10T21:39:21.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/611245ed-f1d1-48a6-b6f3-e5988a94e981/export</guid>
      <pubDate>Mon, 10 Mar 2025 21:39:21 +0000</pubDate>
    </item>
    <item>
      <title>214a843a-6674-460f-9a36-f0cfad61c694</title>
      <link>https://vulnerability.circl.lu/sighting/214a843a-6674-460f-9a36-f0cfad61c694/export</link>
      <description>{"uuid": "214a843a-6674-460f-9a36-f0cfad61c694", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23548", "type": "seen", "source": "https://t.me/cibsecurity/56009", "content": "\u203c CVE-2022-23548 \u203c\n\nDiscourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta16 on the `beta` and `tests-passed` branches, parsing posts can be susceptible to XSS attacks. This issue is patched in versions 2.8.14 and 2.9.0.beta16. There are no known workarounds.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-05T22:19:26.000000Z"}</description>
      <content:encoded>{"uuid": "214a843a-6674-460f-9a36-f0cfad61c694", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23548", "type": "seen", "source": "https://t.me/cibsecurity/56009", "content": "\u203c CVE-2022-23548 \u203c\n\nDiscourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta16 on the `beta` and `tests-passed` branches, parsing posts can be susceptible to XSS attacks. This issue is patched in versions 2.8.14 and 2.9.0.beta16. There are no known workarounds.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-05T22:19:26.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/214a843a-6674-460f-9a36-f0cfad61c694/export</guid>
      <pubDate>Thu, 05 Jan 2023 22:19:26 +0000</pubDate>
    </item>
    <item>
      <title>e9c17d60-b2e8-495f-82fe-6d8a77228bc0</title>
      <link>https://vulnerability.circl.lu/sighting/e9c17d60-b2e8-495f-82fe-6d8a77228bc0/export</link>
      <description>{"uuid": "e9c17d60-b2e8-495f-82fe-6d8a77228bc0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23546", "type": "seen", "source": "https://t.me/cibsecurity/56007", "content": "\u203c CVE-2022-23546 \u203c\n\nIn version 2.9.0.beta14 of Discourse, an open-source discussion platform, maliciously embedded urls can leak an admin's digest of recent topics, possibly exposing private information. A patch is available for version 2.9.0.beta15. There are no known workarounds for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-05T22:19:20.000000Z"}</description>
      <content:encoded>{"uuid": "e9c17d60-b2e8-495f-82fe-6d8a77228bc0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23546", "type": "seen", "source": "https://t.me/cibsecurity/56007", "content": "\u203c CVE-2022-23546 \u203c\n\nIn version 2.9.0.beta14 of Discourse, an open-source discussion platform, maliciously embedded urls can leak an admin's digest of recent topics, possibly exposing private information. A patch is available for version 2.9.0.beta15. There are no known workarounds for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-05T22:19:20.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/e9c17d60-b2e8-495f-82fe-6d8a77228bc0/export</guid>
      <pubDate>Thu, 05 Jan 2023 22:19:20 +0000</pubDate>
    </item>
    <item>
      <title>9c9a69cf-a7f6-40f4-9ba6-b676e221b364</title>
      <link>https://vulnerability.circl.lu/sighting/9c9a69cf-a7f6-40f4-9ba6-b676e221b364/export</link>
      <description>{"uuid": "9c9a69cf-a7f6-40f4-9ba6-b676e221b364", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23549", "type": "seen", "source": "https://t.me/cibsecurity/56003", "content": "\u203c CVE-2022-23549 \u203c\n\nDiscourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta15 on the `beta` and `tests-passed` branches, users can create posts with raw body longer than the `max_length` site setting by including html comments that are not counted toward the character limit. This issue is patched in versions 2.8.14 and 2.9.0.beta16. There are no known workarounds.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-05T22:19:16.000000Z"}</description>
      <content:encoded>{"uuid": "9c9a69cf-a7f6-40f4-9ba6-b676e221b364", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23549", "type": "seen", "source": "https://t.me/cibsecurity/56003", "content": "\u203c CVE-2022-23549 \u203c\n\nDiscourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta15 on the `beta` and `tests-passed` branches, users can create posts with raw body longer than the `max_length` site setting by including html comments that are not counted toward the character limit. This issue is patched in versions 2.8.14 and 2.9.0.beta16. There are no known workarounds.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-05T22:19:16.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/9c9a69cf-a7f6-40f4-9ba6-b676e221b364/export</guid>
      <pubDate>Thu, 05 Jan 2023 22:19:16 +0000</pubDate>
    </item>
    <item>
      <title>f4f6f89c-17cb-4f4e-925b-543d5995fc83</title>
      <link>https://vulnerability.circl.lu/sighting/f4f6f89c-17cb-4f4e-925b-543d5995fc83/export</link>
      <description>{"uuid": "f4f6f89c-17cb-4f4e-925b-543d5995fc83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23547", "type": "seen", "source": "https://t.me/cibsecurity/55253", "content": "\u203c CVE-2022-23547 \u203c\n\nPJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. This issue is similar to GHSA-9pfh-r8x4-w26w. Possible buffer overread when parsing a certain STUN message. The vulnerability affects applications that uses STUN including PJNATH and PJSUA-LIB. The patch is available as commit in the master branch.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-23T18:14:45.000000Z"}</description>
      <content:encoded>{"uuid": "f4f6f89c-17cb-4f4e-925b-543d5995fc83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23547", "type": "seen", "source": "https://t.me/cibsecurity/55253", "content": "\u203c CVE-2022-23547 \u203c\n\nPJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. This issue is similar to GHSA-9pfh-r8x4-w26w. Possible buffer overread when parsing a certain STUN message. The vulnerability affects applications that uses STUN including PJNATH and PJSUA-LIB. The patch is available as commit in the master branch.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-23T18:14:45.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/f4f6f89c-17cb-4f4e-925b-543d5995fc83/export</guid>
      <pubDate>Fri, 23 Dec 2022 18:14:45 +0000</pubDate>
    </item>
    <item>
      <title>bba20221-95e5-441b-9abb-e0c7ab99bbe4</title>
      <link>https://vulnerability.circl.lu/sighting/bba20221-95e5-441b-9abb-e0c7ab99bbe4/export</link>
      <description>{"uuid": "bba20221-95e5-441b-9abb-e0c7ab99bbe4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23541", "type": "seen", "source": "https://t.me/cibsecurity/55125", "content": "\u203c CVE-2022-23541 \u203c\n\njsonwebtoken is an implementation of JSON Web Tokens. Versions `&amp;lt;= 8.5.1` of `jsonwebtoken` library can be misconfigured so that passing a poorly implemented key retrieval function referring to the `secretOrPublicKey` argument from the readme link will result in incorrect verification of tokens. There is a possibility of using a different algorithm and key combination in verification, other than the one that was used to sign the tokens. Specifically, tokens signed with an asymmetric public key could be verified with a symmetric HS256 algorithm. This can lead to successful validation of forged tokens. If your application is supporting usage of both symmetric key and asymmetric key in jwt.verify() implementation with the same key retrieval function. This issue has been patched, please update to version 9.0.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-23T06:15:26.000000Z"}</description>
      <content:encoded>{"uuid": "bba20221-95e5-441b-9abb-e0c7ab99bbe4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23541", "type": "seen", "source": "https://t.me/cibsecurity/55125", "content": "\u203c CVE-2022-23541 \u203c\n\njsonwebtoken is an implementation of JSON Web Tokens. Versions `&amp;lt;= 8.5.1` of `jsonwebtoken` library can be misconfigured so that passing a poorly implemented key retrieval function referring to the `secretOrPublicKey` argument from the readme link will result in incorrect verification of tokens. There is a possibility of using a different algorithm and key combination in verification, other than the one that was used to sign the tokens. Specifically, tokens signed with an asymmetric public key could be verified with a symmetric HS256 algorithm. This can lead to successful validation of forged tokens. If your application is supporting usage of both symmetric key and asymmetric key in jwt.verify() implementation with the same key retrieval function. This issue has been patched, please update to version 9.0.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-23T06:15:26.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/bba20221-95e5-441b-9abb-e0c7ab99bbe4/export</guid>
      <pubDate>Fri, 23 Dec 2022 06:15:26 +0000</pubDate>
    </item>
  </channel>
</rss>
