{"vulnerability": "cve-2023-4763", "sightings": [{"uuid": "02291365-073e-4246-819c-1961ad4d7aba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47634", "type": "seen", "source": "Telegram/6isYHg3MNxTnC3IUwwb4ajMv3XjbiqRKA1su90NFdB0i45BV", "content": "", "creation_timestamp": "2025-02-14T21:09:17.000000Z"}, {"uuid": "805eba60-ca04-428c-8c01-8ab9ead96c51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47639", "type": "seen", "source": "https://t.me/cvedetector/22014", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-47639 - API Platform Core Information Disclosure\", \n  \"Content\": \"CVE ID : CVE-2023-47639 \nPublished : April 3, 2025, 5:15 p.m. | 1\u00a0hour, 56\u00a0minutes ago \nDescription : API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. From 3.2.0 until 3.2.4, exception messages, that are not HTTP exceptions, are visible in the JSON error response. This vulnerability is fixed in 3.2.5. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-03T21:55:52.000000Z"}, {"uuid": "255818e3-8328-4466-ac73-096d03e71e17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47634", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4480", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-47634\n\ud83d\udd25 CVSS Score: 3.0 (CVSS_V3)\n\ud83d\udd39 Description: ### Impact\n\nA race condition in the endorsement of resources (for instance, a proposal) allows a user to make more than once endorsement.\n\nTo exploit this vulnerability, the request to set an endorsement must be sent several times in parallel.\n \n### Workarounds\n\nDisable the Endorsement feature in the components.\n\ud83d\udccf Published: 2024-02-20T18:02:52Z\n\ud83d\udccf Modified: 2025-02-14T18:35:17Z\n\ud83d\udd17 References:\n1. https://github.com/decidim/decidim/security/advisories/GHSA-r275-j57c-7mf2\n2. https://nvd.nist.gov/vuln/detail/CVE-2023-47634\n3. https://github.com/decidim/decidim/commit/5c5ee7a50d75c10643dd8c495e2517641e4d74db\n4. https://github.com/decidim/decidim/commit/7b840d2c37a562709f4481db644d8c43add28536\n5. https://github.com/decidim/decidim\n6. https://github.com/decidim/decidim/releases/tag/v0.26.9\n7. https://github.com/decidim/decidim/releases/tag/v0.27.5\n8. https://github.com/decidim/decidim/releases/tag/v0.28.0\n9. https://github.com/rubysec/ruby-advisory-db/blob/master/gems/decidim/CVE-2023-47634.yml", "creation_timestamp": "2025-02-14T19:16:17.000000Z"}, {"uuid": "39bb9ccd-2192-400f-a443-79a4febf3424", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47635", "type": "seen", "source": "https://t.me/arpsyndicate/3849", "content": "#ExploitObserverAlert\n\nCVE-2023-47635\n\nDESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2023-47635. Decidim is a participatory democracy framework. Starting in version 0.23.0 and prior to versions 0.27.5 and 0.28.0, the CSRF authenticity token check is disabled for the questionnaire templates preview. The issue does not imply a serious security thread as you need to have access also to the session cookie in order to see this resource. This URL does not allow modifying the resource but it may allow attackers to gain access to information which was not meant to be public. The issue is fixed in version 0.27.5 and 0.28.0. As a workaround, disable the templates functionality or remove all available templates.", "creation_timestamp": "2024-02-21T15:34:16.000000Z"}, {"uuid": "b44b50d2-a2ee-4f29-825d-83a51d667564", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47634", "type": "seen", "source": "https://t.me/ctinow/203417", "content": "https://ift.tt/b3Z9uK2\nCVE-2023-47634 | Decidim up to 0.26.8/0.27.4 Endorsement race condition (GHSA-r275-j57c-7mf2)", "creation_timestamp": "2024-03-08T16:21:37.000000Z"}, {"uuid": "046194fb-1eec-4779-84c1-b6ee4d48bb49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4763", "type": "seen", "source": "https://t.me/true_secator/4821", "content": "Google \u0442\u0435\u043f\u0435\u0440\u044c \u0443\u0436\u0435 \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 \u0435\u0436\u0435\u043d\u0435\u0434\u0435\u043b\u044c\u043d\u043e\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Chrome 116.\n\n\u041f\u0435\u0440\u0432\u0430\u044f \u043e\u0448\u0438\u0431\u043a\u0430, \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u043c\u0430\u044f \u043a\u0430\u043a CVE-2023-4761, \u043e\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043f\u0430\u043c\u044f\u0442\u0438 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u0430\u043c\u0438 \u0433\u0440\u0430\u043d\u0438\u0446 \u0432 API FedCM (Federated Credential Management).\n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043f\u0430\u043c\u044f\u0442\u0438 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043a\u043e\u043d\u0435\u0447\u043d\u043e\u043c \u0438\u0442\u043e\u0433\u0435 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0432\u044b\u0437\u0432\u0430\u0442\u044c DoS \u0438\u043b\u0438 \u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c\u0441\u044f \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u043c\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c\u0438 \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u043a\u043e\u0434\u0430.\n\n\u0412\u0442\u043e\u0440\u043e\u0439 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u043a \u2014 \u044d\u0442\u043e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u043f\u0443\u0442\u0430\u043d\u0438\u0446\u044b \u0442\u0438\u043f\u043e\u0432 \u0432 \u0434\u0432\u0438\u0436\u043a\u0435 JavaScript V8. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u043c\u0430\u044f \u043a\u0430\u043a CVE-2023-4762, \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0432\u044b\u0445\u043e\u0434\u0443 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u044b \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043f\u0430\u043c\u044f\u0442\u0438.\n\n\u0422\u0440\u0435\u0442\u044c\u044f \u043e\u0448\u0438\u0431\u043a\u0430, CVE-2023-4763, \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u043e\u0439 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f \u0432 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435 \u00ab\u0441\u0435\u0442\u0438\u00bb Chrome. \u041e\u043d\u0430\u00a0\u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0434\u043b\u044f RCE \u0438\u043b\u0438 DoS, \u0438 \u0432 \u0441\u043e\u0447\u0435\u0442\u0430\u043d\u0438\u0438 \u0441 \u0434\u0440\u0443\u0433\u0438\u043c\u0438 - \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u043f\u043e\u043b\u043d\u043e\u0439 \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u044b.\n\n\u0427\u0435\u0442\u0432\u0435\u0440\u0442\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0430\u044f \u0432 \u044d\u0442\u043e\u043c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0438 Chrome 116, -  CVE-2023-4764, \u0437\u043f\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0439 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0432 BFCache, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0438\u0439 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u0443\u044e HTML-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0443 \u0434\u043b\u044f \u043f\u043e\u0434\u043c\u0435\u043d\u044b \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u043c\u043e\u0433\u043e URL-\u0441\u0442\u0440\u043e\u043a\u0438.\n\nGoogle \u043d\u0435 \u0441\u043e\u043e\u0431\u0449\u0430\u0435\u0442 \u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0438 \u043a\u0430\u043a\u043e\u0439-\u043b\u0438\u0431\u043e \u0438\u0437 \u044d\u0442\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u0437\u043b\u043e\u043d\u0430\u043c\u0435\u0440\u0435\u043d\u043d\u044b\u0445 \u0430\u0442\u0430\u043a\u0430\u0445.\n\n\u041f\u043e\u0441\u043b\u0435\u0434\u043d\u044f\u044f \u0432\u0435\u0440\u0441\u0438\u044f Chrome \u0442\u0435\u043f\u0435\u0440\u044c \u0432\u044b\u043f\u0443\u0441\u043a\u0430\u0435\u0442\u0441\u044f \u043a\u0430\u043a 116.0.5845.179 \u0434\u043b\u044f macOS \u0438 Linux \u0438 \u043a\u0430\u043a \u0432\u0435\u0440\u0441\u0438\u0438 116.0.5845.179/.180 \u0434\u043b\u044f Windows.", "creation_timestamp": "2023-09-07T16:20:05.000000Z"}, {"uuid": "62681320-90d4-4f93-b689-ede53813b26e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47635", "type": "seen", "source": "https://t.me/ctinow/203418", "content": "https://ift.tt/K2nQ1fx\nCVE-2023-47635 | Decidim up to 0.27.4 server-side request forgery", "creation_timestamp": "2024-03-08T16:21:38.000000Z"}, {"uuid": "fdedcca4-405a-4a6f-afb2-ff1592fdf0c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47635", "type": "seen", "source": "https://t.me/ctinow/188839", "content": "https://ift.tt/IwQ7AhN\nCVE-2023-47635", "creation_timestamp": "2024-02-20T19:27:09.000000Z"}, {"uuid": "b906080b-2128-4d6f-8c10-6f08d3b3d5bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-47635", "type": "seen", "source": "https://t.me/ctinow/188855", "content": "https://ift.tt/IwQ7AhN\nCVE-2023-47635", "creation_timestamp": "2024-02-20T19:31:50.000000Z"}, {"uuid": "20634083-f8fe-475f-9857-d07d3010d93f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4763", "type": "seen", "source": "https://t.me/cibsecurity/69919", "content": "\u203c CVE-2023-4763 \u203c\n\nUse after free in Networks in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-06T02:17:26.000000Z"}]}