This week we have some fun with some bugs that really shouldn't have passed code review, we of course talk about Spring4Shell/SpringShell and dive into the decade-long history of that bug, and a bit of discussion about triaging more subtle bugs.
Some easy vulnerabilities this week, a directory traversal due to a bad regex, a simple yet somewhat mysterious authentication bypass, arbitrary file read in GitLab thanks to archives with symlinks, and a PHP filter_var bypass.
Several easy issues this week, from leaking environment variables, to gaining host code execution, and an XSS-to-RCE chain.
We've got some cloud issues this week, in Azure Automation and GKE Autopilot along with a couple other interesting chains.
A few interesting issues for you this week, a JS race condition in some auth-related code for Facebook, some fake prepared queries, and an RCE through sed commands (in pfSense).
Re-accessing the setup page, an unlikely scenario leaking GitHub secrets, and a proxying issue in Carbon Black.
Let's talk about "sidedoors" this week, with two vulnerabilities abusing alternative access points, along with an overly verbose error message that actually had some immediate impact, and a look at the challenges of client-side sessions.
CSRF lives again in the form of CORF, Cross-Origin Request Forgery with an attack against Grafana. We also take a look at some baby monitor issues and a de-anonymization attack against Twitter.
A "maybe" issue this week in Ruby's net/http library, some long chains leading to XSS, and a look at abusing parameter injection for SSRF in applications integrating with the Google Drive API.
A few unique issues this week, routing issues in ManageEngine, a Little Snitch bypass, and undecodable characters leading to a denial of service.