{"vulnerability": "CVE-2022-3600", "sightings": [{"uuid": "d87d96d9-aed6-4cc6-a444-951c0865e578", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36007", "type": "seen", "source": "https://t.me/cibsecurity/48139", "content": "\u203c CVE-2022-36007 \u203c\n\nVenice is a Clojure inspired sandboxed Lisp dialect with excellent Java interoperability. A partial path traversal issue exists within the functions `load-file` and `load-resource`. These functions can be limited to load files from a list of load paths. Assuming Venice has been configured with the load paths: `[ \"/Users/foo/resources\" ]` When passing **relative** paths to these two vulnerable functions everything is fine: `(load-resource \"test.png\")` => loads the file \"/Users/foo/resources/test.png\" `(load-resource \"../resources-alt/test.png\")` => rejected, outside the load path When passing **absolute** paths to these two vulnerable functions Venice may return files outside the configured load paths: `(load-resource \"/Users/foo/resources/test.png\")` => loads the file \"/Users/foo/resources/test.png\" `(load-resource \"/Users/foo/resources-alt/test.png\")` => loads the file \"/Users/foo/resources-alt/test.png\" !!! The latter call suffers from the _Partial Path Traversal_ vulnerability. This issue\u2019s scope is limited to absolute paths whose name prefix matches a load path. E.g. for a load-path `\"/Users/foo/resources\"`, the actor can cause loading a resource also from `\"/Users/foo/resources-alt\"`, but not from `\"/Users/foo/images\"`. Versions of Venice before and including v1.10.17 are affected by this issue. Upgrade to Venice >= 1.10.18, if you are on a version < 1.10.18. 
There are currently no known workarounds.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-15T14:37:55.000000Z"}, {"uuid": "28fe7b44-deca-4531-82be-7afed8909f3f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36004", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13078", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-36004\n\ud83d\udd25 CVSS Score: 5.9 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: TensorFlow is an open source platform for machine learning. When `tf.random.gamma` receives large input shape and rates, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 552bfced6ce4809db5f3ca305f60ff80dd40c5a3. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.\n\ud83d\udccf Published: 2022-09-16T22:10:26.000Z\n\ud83d\udccf Modified: 2025-04-23T17:00:45.804Z\n\ud83d\udd17 References:\n1. https://github.com/tensorflow/tensorflow/commit/552bfced6ce4809db5f3ca305f60ff80dd40c5a3\n2. 
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mv8m-8x97-937q", "creation_timestamp": "2025-04-23T17:04:50.000000Z"}, {"uuid": "8fc64b5d-feed-4a87-beed-c503f73eeaa3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36007", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lwze4vmdvk26", "content": "", "creation_timestamp": "2025-08-22T21:02:31.672825Z"}, {"uuid": "cb9209b6-7209-46d5-986f-19b017b9f12c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36003", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13077", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-36003\n\ud83d\udd25 CVSS Score: 5.9 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: TensorFlow is an open source platform for machine learning. When `RandomPoissonV2` receives large input shape and rates, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 552bfced6ce4809db5f3ca305f60ff80dd40c5a3. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.\n\ud83d\udccf Published: 2022-09-16T22:10:21.000Z\n\ud83d\udccf Modified: 2025-04-23T17:00:52.567Z\n\ud83d\udd17 References:\n1. https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cv2p-32v3-vhwq\n2. 
https://github.com/tensorflow/tensorflow/commit/552bfced6ce4809db5f3ca305f60ff80dd40c5a3", "creation_timestamp": "2025-04-23T17:04:49.000000Z"}, {"uuid": "3187c2ca-b35e-4c7e-a3db-eb1e3c689115", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36005", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13079", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-36005\n\ud83d\udd25 CVSS Score: 5.9 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: TensorFlow is an open source platform for machine learning. When `tf.quantization.fake_quant_with_min_max_vars_gradient` receives input `min` or `max` that is nonscalar, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit f3cf67ac5705f4f04721d15e485e192bb319feed. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.\n\ud83d\udccf Published: 2022-09-16T22:10:31.000Z\n\ud83d\udccf Modified: 2025-04-23T17:00:39.728Z\n\ud83d\udd17 References:\n1. https://github.com/tensorflow/tensorflow/commit/f3cf67ac5705f4f04721d15e485e192bb319feed\n2. 
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-r26c-679w-mrjm", "creation_timestamp": "2025-04-23T17:04:51.000000Z"}, {"uuid": "873d533e-0f66-4fb5-af62-8361c5f0381b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36002", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13076", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-36002\n\ud83d\udd25 CVSS Score: 5.9 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: TensorFlow is an open source platform for machine learning. When `Unbatch` receives a nonscalar input `id`, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 4419d10d576adefa36b0e0a9425d2569f7c0189f. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.\n\ud83d\udccf Published: 2022-09-16T22:10:15.000Z\n\ud83d\udccf Modified: 2025-04-23T17:00:58.965Z\n\ud83d\udd17 References:\n1. https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mh3m-62v7-68xg\n2. 
https://github.com/tensorflow/tensorflow/commit/4419d10d576adefa36b0e0a9425d2569f7c0189f", "creation_timestamp": "2025-04-23T17:04:48.000000Z"}, {"uuid": "fe3a31f2-b8e9-4fe4-8b06-00f73727286c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36001", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13075", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-36001\n\ud83d\udd25 CVSS Score: 5.9 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: TensorFlow is an open source platform for machine learning. When `DrawBoundingBoxes` receives an input `boxes` that is not of dtype `float`, it gives a `CHECK` fail that can trigger a denial of service attack. We have patched the issue in GitHub commit da0d65cdc1270038e72157ba35bf74b85d9bda11. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.\n\ud83d\udccf Published: 2022-09-16T22:10:10.000Z\n\ud83d\udccf Modified: 2025-04-23T17:01:05.199Z\n\ud83d\udd17 References:\n1. https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jqm7-m5q7-3hm5\n2. https://github.com/tensorflow/tensorflow/commit/da0d65cdc1270038e72157ba35bf74b85d9bda11", "creation_timestamp": "2025-04-23T17:04:44.000000Z"}, {"uuid": "4768ae4e-c48f-48fc-93d4-473d2ad0d636", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36008", "type": "seen", "source": "https://t.me/cibsecurity/48464", "content": "\u203c CVE-2022-36008 \u203c\n\nFrontier is Substrate's Ethereum compatibility layer. 
A security issue was discovered affecting parsing of the RPC result of the exit reason in case of EVM reversion. In release build, this would cause the exit reason being incorrectly parsed and returned by RPC. In debug build, this would cause an overflow panic. No action is needed unless you have a bridge node that needs to distinguish different reversion exit reasons and you used RPC for this. There are currently no known workarounds.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-20T00:17:49.000000Z"}, {"uuid": "7a842235-6bf3-4c95-8729-5550591bdcf9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36009", "type": "seen", "source": "https://t.me/cibsecurity/48463", "content": "\u203c CVE-2022-36009 \u203c\n\ngomatrixserverlib is a Go library for matrix protocol federation. Dendrite is a Matrix homeserver written in Go, an alternative to Synapse. The power level parsing within gomatrixserverlib was failing to parse the `\"events_default\"` key of the `m.room.power_levels` event, defaulting the event default power level to zero in all cases. Power levels are the matrix terminology for user access level. In rooms where the `\"events_default\"` power level had been changed, this could result in events either being incorrectly authorised or rejected by Dendrite servers. gomatrixserverlib contains a fix as of commit `723fd49` and Dendrite 0.9.3 has been updated accordingly. Matrix rooms where the `\"events_default\"` power level has not been changed from the default of zero are not vulnerable. Users are advised to upgrade. 
There are no known workarounds for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-20T00:17:49.000000Z"}, {"uuid": "6a385092-6a12-4d12-a528-34f2e94cb847", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-36006", "type": "seen", "source": "https://t.me/cibsecurity/48128", "content": "\u203c CVE-2022-36006 \u203c\n\nArvados is an open source platform for managing, processing, and sharing genomic and other large scientific and biomedical data. A remote code execution (RCE) vulnerability in the Arvados Workbench allows authenticated attackers to execute arbitrary code via specially crafted JSON payloads. This exists in all versions up to 2.4.1 and is fixed in 2.4.2. This vulnerability is specific to the Ruby on Rails Workbench application (\u201cWorkbench 1\u201d). We do not believe any other Arvados components, including the TypeScript browser-based Workbench application (\u201cWorkbench 2\u201d) or API Server, are vulnerable to this attack. For versions of Arvados earlier than 2.4.2: remove the Ruby-based \"Workbench 1\" app (\"apt-get remove arvados-workbench\") from your installation as a workaround.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-15T14:37:41.000000Z"}]}