Author: Robert

Vaultwarden is a Bitwarden-compatible server written in Rust. In versions prior to 1.35.4, the login brute-force protection can be bypassed when email 2FA is enabled on the instance. The unprotected `send_email_login` endpoint acts as an oracle for valid username-password combinations, allowing an attacker to brute-force passwords without rate-limiting. This affects all users on the instance, even those who have not configured email 2FA themselves.

Gitea is an open-source self-hosted Git service. In versions prior to 1.25.5, the `dump-repo` CLI command is vulnerable to a path traversal attack allowing arbitrary file writes with attacker-controlled content.

Taiga is an open-source project management tool. In taiga-front versions up to 6.9.0, the `textToHTML` function insufficiently sanitizes user-controlled input, allowing injection of JavaScript event attributes via permitted HTML tags. This can be exploited to steal session tokens from local storage. The issue has been fixed in version 6.9.1.