 CYMON Monitoring
Roman Mirolubov, 20 April 2026 08:43:21

Summary
HCL Verse is susceptible to open source vulnerabilities in the moment, jsoup, commons-fileupload and tinymce components.

Vulnerability Details
CVE-ID: CVE-2022-31129
Description: moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment use an inefficient parsing algorithm: string-to-date parsing (specifically RFC 2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs, and a noticeable slowdown is observed with inputs above 10k characters. Users who pass user-provided strings to the moment constructor without sanity length checks are vulnerable to (Re)DoS attacks. The problem is patched in 2.29.4; the patch can be applied to all affected versions with minimal tweaking. Users are advised to upgrade. Users unable to upgrade should limit the length of date strings accepted from user input.
CVSS Base Score: 5.3 (Medium)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVE-ID: CVE-2023-24998
Description: Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed, so an attacker can trigger a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured.
CVSS Base Score: 6.5 (Medium)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-ID: CVE-2022-23494
Description: tinymce is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occur in plugins that use the alert or confirm dialogs, such as the `image` plugin, which presents these dialogs when certain errors occur.
The vulnerability allowed arbitrary JavaScript execution when an alert was presented in the TinyMCE UI to the current user. This vulnerability has been patched in TinyMCE 5.10.7 and TinyMCE 6.3.1 by ensuring HTML sanitization is still performed after unwrapping invalid elements. Users are advised to upgrade to either 5.10.7 or 6.3.1. Users unable to upgrade should ensure that the `images_upload_handler` returns a valid value as per the images_upload_handler documentation.
CVSS Base Score: 6.1 (Medium)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVE-ID: CVE-2022-36033
Description: jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting (XSS) safety. jsoup may incorrectly sanitize HTML including `javascript:` URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default `SafeList.preserveRelativeLinks` option is enabled, HTML including `javascript:` URLs that have been crafted with control characters will not be sanitized. If the site that this HTML is published on does not set a Content Security Policy, an XSS attack is then possible. This issue is patched in jsoup 1.15.3. Users should upgrade to this version. Additionally, as the unsanitized input may have been persisted, old content should be cleaned again using the updated version. To remediate this issue without immediately upgrading:
- disable `SafeList.preserveRelativeLinks`, which will rewrite input URLs as absolute URLs
- ensure an appropriate [Content Security Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) is defined. (This should be used regardless of upgrading, as a defence-in-depth best practice.)
CVSS Base Score: 6.1 (Medium)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected products and versions
HCL Verse versions prior to 3.0.2 are impacted.

Remediation/fixes
A fix is available in HCL Verse version 3.0.2.
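The jsoup item above (CVE-2022-36033) is a scheme check applied to the raw string while the browser applies it only after its own normalization. The following is an added example, not jsoup's code and not HCL's: a raw-prefix check beside a check that parses the href the way the browser will. The `BASE` origin and the sample hrefs are constructed for the illustration; resolving against a base is also what `preserveRelativeLinks` turns off, which is why the non-default option widened the bug.

```javascript
// Added example, not jsoup's code: a scheme check on the raw href beside
// one that checks the scheme the way the browser will see it.
//
// Browsers strip ASCII tab and newline anywhere in a URL, and leading or
// trailing C0 controls and spaces, before parsing. So "java\nscript:alert(1)"
// runs as javascript:, while a sanitizer comparing the raw string sees
// something that does not start with "javascript:".

// Assumed origin the sanitized HTML is served from; relative links resolve
// against it (the behaviour preserveRelativeLinks turns off).
const BASE = "https://mail.example.test/";
const ALLOWED_PROTOCOLS = new Set(["http:", "https:", "mailto:"]);

// Naive check on the raw string. Bypassable with control characters.
function naiveIsSafeHref(href) {
  return !href.trim().toLowerCase().startsWith("javascript:");
}

// Hardened check: parse with the WHATWG URL parser, which performs the same
// stripping a browser does, then allowlist the resulting protocol. Anything
// the parser rejects is rejected too, rather than passed through.
function isSafeHref(href, base = BASE) {
  let url;
  try {
    url = new URL(href, base);
  } catch {
    return false;
  }
  return ALLOWED_PROTOCOLS.has(url.protocol);
}

// Constructed hrefs an attacker might store in HTML that later gets rendered.
const SAMPLE_HREFS = [
  "https://example.test/report",
  "/inbox/12345",                          // relative: https: once resolved
  "javascript:alert(1)",                   // both checks catch this
  "java\nscript:alert(document.cookie)",   // newline inside the scheme
  "\u0001javascript:alert(1)",             // leading C0 control
  "JaVaScRiPt\t:alert(1)",                 // tab before the colon
];

// Runs both checks over the samples; returns one row per href.
function classify(hrefs = SAMPLE_HREFS) {
  return hrefs.map((href) => ({ href, naive: naiveIsSafeHref(href), hardened: isSafeHref(href) }));
}

for (const row of classify()) console.log(JSON.stringify(row));
```

The naive check passes the last three samples as safe; the parser-based check rejects all four `javascript:` variants and still accepts the relative link because it is resolved to `https:` first. A Content Security Policy remains the backstop for anything the sanitizer misses.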
To download the latest HCL Verse fix releases go to the Software License and Download Portal and choose the applicable product/release. If you have trouble accessing the link above, please follow the instructions for using the Software License and Download Portal here.

Workarounds and Mitigations
None.

References
Complete CVSS v3 Guide
On-line Calculator v3
Complete CVSS v2 Guide
On-line Calculator v2

Link to Security Bulletin
Please see the security bulletin for vulnerability details and remediation: Security Bulletin: HCL Verse is susceptible to multiple open source vulnerabilities

Roman Mirolubov, 20 April 2026 08:34:36

Summary
When an SSL certificate is invalid or malicious, a lack of hostname verification might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. HCL Verse for Android might connect to a malicious host while believing it is a trusted host, or be deceived into accepting spoofed data that appears to originate from a trusted host. HCL Verse for Android was found to have hostname verification issues during the server setup and login flows, but the application did not process requests post-login.

Vulnerability Details
CVE-ID: CVE-2021-27768
Description: Because of a lack of hostname verification, an attacker able to perform a man-in-the-middle (MITM) attack could intercept sensitive account information. In the reported scenario, the application's network traffic was intercepted using a proxy server set up in 'transparent' mode while a certificate with an invalid hostname was active. The Android application was found to have hostname verification issues during the server setup and login flows; however, the application did not process requests post-login.
CVSS Base Score: 6.3
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N

Affected products and versions
HCL Verse for Android versions prior to 12.0.9.
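What hostname verification decides, as an added example that is not HCL Verse for Android's code (the app's implementation is not on this page): a verifier that matches the server name the user typed against the certificate's DNS subject alternative names, with the Common Name as fallback and the usual wildcard rules, beside the accept-anything verifier that produces the behaviour the bulletin describes. The certificate summaries and hostnames are constructed for the illustration; an Android HostnameVerifier answers the same question with the same rules.

```javascript
// Added example, not HCL Verse for Android's code: the decision TLS
// hostname verification makes once the chain has validated. An Android
// HostnameVerifier answers the same question; the matching rules are the same.

// Certificate summaries the way a TLS library exposes them; constructed.
const CERT_FOR_MAIL = {
  subject: { CN: "mail.example.test" },
  subjectAltNames: ["DNS:mail.example.test", "DNS:*.example.test"],
};
const CERT_FOR_PROXY = {
  subject: { CN: "mail.example.test" },   // a CN is not consulted when DNS SANs exist
  subjectAltNames: ["DNS:proxy.attacker.test"],
};
const CERT_LEGACY_CN_ONLY = {
  subject: { CN: "legacy.example.test" },
  subjectAltNames: [],
};

// Match one host (as labels) against one certificate name pattern.
// Wildcard rules from RFC 6125: only the leftmost label may be "*", it
// replaces exactly one label, and it must leave at least two labels
// (so "*.example.test" matches a.example.test but not a.b.example.test,
// not example.test, and "*.test" is not accepted).
function nameMatches(hostLabels, pattern) {
  const pat = pattern.toLowerCase().split(".");
  if (pat.length !== hostLabels.length) return false;
  return pat.every((label, i) =>
    (i === 0 && label === "*" && pat.length >= 3) || label === hostLabels[i]);
}

// true if `hostname` (what the client intended to reach) is named by `cert`.
function verifyHostname(hostname, cert) {
  const host = hostname.toLowerCase().replace(/\.$/, "");
  if (!/^[a-z0-9-]+(\.[a-z0-9-]+)*$/.test(host)) return false;
  if (/^\d+(\.\d+){3}$/.test(host)) return false; // IP literals need IP SANs; out of scope here
  const hostLabels = host.split(".");
  const dnsNames = (cert.subjectAltNames || [])
    .filter((n) => n.startsWith("DNS:"))
    .map((n) => n.slice(4));
  // DNS SANs take precedence; CN is a fallback only when there are none.
  const candidates = dnsNames.length > 0
    ? dnsNames
    : [cert.subject && cert.subject.CN].filter(Boolean);
  return candidates.some((p) => nameMatches(hostLabels, p));
}

// The anti-pattern behind the bulletin: a verifier that accepts any name.
// With this in place, a transparent proxy presenting CERT_FOR_PROXY is
// indistinguishable from the real server.
const acceptAnyHostname = (_hostname, _cert) => true;

// Setup/login decision: given the server name the user typed and the cert
// the peer presented, may the client send credentials?
function mayLogin(verifier, serverName, presentedCert) {
  return verifier(serverName, presentedCert);
}

console.log("weak:    ", mayLogin(acceptAnyHostname, "mail.example.test", CERT_FOR_PROXY)); // true
console.log("enforced:", mayLogin(verifyHostname, "mail.example.test", CERT_FOR_PROXY));    // false
```

The proxy's certificate can be perfectly valid (issued by a trusted CA, unexpired, chain intact) and still be the wrong certificate; only the name check catches that, which is why the 12.0.9 change from warning to a hard block matters.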
Remediation/fixes
Install the latest version (12.0.9 or later) from Google Play or your company's application store. As detailed in "SSL certificate host verification enhancements in HCL Verse Android", HCL Verse for Android has warned end users since version 12.0.1 if the application is connecting to a server whose SSL certificate was not issued to that server. Version 12.0.9 changes the warning to enforcement, with a complete block for any such issue.

Workarounds and Mitigations
None.

References
Complete CVSS v3 Guide
On-line Calculator v3
Complete CVSS v2 Guide
On-line Calculator v2
SSL certificate host verification enhancements in HCL Verse Android

Link to Security Bulletin
Please see the security bulletin for vulnerability details and remediation: Security Bulletin: An SSL certificate host verification vulnerability affects HCL Verse for Android (CVE-2021-27768)

Vladislav Tatarincev, 7 April 2026 09:26:12

Summary
HCL SafeLinx is impacted by multiple open source vulnerabilities.
Security Bulletin: Multiple open source vulnerabilities impact HCL SafeLinx
https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129920

Vulnerability Details
CVE-ID: CVE-2022-37434
Description: zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
CVSS Base Score: 9.8 (critical)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-ID: CVE-2022-0778
Description: The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys, as they can contain explicit elliptic curve parameters. Thus vulnerable situations include:
- TLS clients consuming server certificates
- TLS servers consuming client certificates
- Hosting providers taking certificates or private keys from customers
- Certificate authorities parsing certification requests from subscribers
- Anything else which parses ASN.1 elliptic curve parameters
Also any other applications that use BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate, which makes it slightly harder to trigger the infinite loop. However, any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0, 3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).
CVSS Base Score: 7.5 (high)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-ID: CVE-2023-2953
Description: A vulnerability was found in openldap. This security flaw causes a null pointer dereference in the ber_memalloc_x() function.
CVSS Base Score: 7.5 (high)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-ID: CVE-2023-0286
Description: There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.
CVSS Base Score: 7.4 (high)
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

CVE-ID: CVE-2008-0171
Description: regex/v4/perl_matcher_non_recursive.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (failed assertion and crash) via an invalid regular expression.
CVSS Base Score: 5.0 (medium)
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-ID: CVE-2008-0172
Description: The get_repeat_type function in basic_regex_creator.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (NULL dereference and crash) via an invalid regular expression.
CVSS Base Score: 5.0 (medium)
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Affected products and versions
Versions of HCL SafeLinx prior to 1.4.1.0 are impacted by CVE-2023-2953.
Versions of HCL SafeLinx prior to 1.4.2.0 are impacted by CVE-2008-0171, CVE-2008-0172 and CVE-2022-37434.
Versions of HCL SafeLinx prior to 1.4.3.0 are impacted by CVE-2023-0286 and CVE-2022-0778.

Remediation/fixes
A fix for CVE-2023-2953 is available in HCL SafeLinx release 1.4.1.0 and higher.
Fixes for CVE-2008-0171, CVE-2008-0172 and CVE-2022-37434 are available in HCL SafeLinx releases 1.4.2.0 and higher.
Fixes for CVE-2023-0286 and CVE-2022-0778 are available in HCL SafeLinx releases 1.4.3.0 and higher.
To download the latest SafeLinx fix releases go to the My HCLSoftware Portal and choose the applicable product/release. If you have trouble accessing the link above, please follow the instructions for using the My HCLSoftware Portal here.

Workarounds and Mitigations
None

References

Roman Mirolubov, 1 April 2026 10:41:01

Summary
HCL Verse is impacted by vulnerabilities in multiple open source components.

Vulnerability Details
CVE-ID: CVE-2026-27601
Description: Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the _.flatten and _.isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service (DoS) attack by triggering a stack overflow. Untrusted input must be used to create a recursive data structure, for example using JSON.parse, with no enforced depth limit. The data structure thus created must be passed to _.flatten or _.isEqual. In the case of _.flatten, the vulnerability can only be exploited if it is possible for a remote client to prepare a data structure that consists of arrays at all levels AND if no finite depth limit is passed as the second argument to _.flatten.
In the case of _.isEqual, the vulnerability can only be exploited if there exists a code path in which two distinct data structures submitted by the same remote client are compared using _.isEqual: for example, if a client submits data that are stored in a database and the same client can later submit another data structure that is then compared to the data saved earlier, or if a client submits a single request but its data are parsed twice, creating two non-identical but equivalent data structures that are then compared. Exceptions originating from the call to _.flatten or _.isEqual as a result of a stack overflow are not caught. This vulnerability is fixed in 1.13.8.
CVSS Base Score: 8.2 (high)
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CVE-ID: CVE-2026-29063
Description: Immutable.js provides many persistent immutable data structures. Prior to versions 3.8.3, 4.3.7, and 5.1.5, prototype pollution is possible in immutable via the mergeDeep(), mergeDeepWith(), merge(), Map.toJS(), and Map.toObject() APIs. This issue has been patched in versions 3.8.3, 4.3.7, and 5.1.5.
CVSS Base Score: 8.7 (high)
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

CVE-ID: CVE-2026-33532
Description: `yaml` is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of `yaml` on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a depth bound. An attacker who can supply YAML for parsing can trigger a `RangeError: Maximum call stack size exceeded` with a small payload (~2–10 KB). The `RangeError` is not a `YAMLParseError`, so applications that only catch YAML-specific errors will encounter an unexpected exception type.
Depending on the host application's exception handling, this can fail requests or terminate the Node.js process. Flow sequences allow deep nesting with minimal bytes (2 bytes per level: one `[` and one `]`). On the default Node.js stack, approximately 1,000–5,000 levels of nesting (2–10 KB of input) exhaust the call stack. The exact threshold is environment-dependent (Node.js version, stack size, call stack depth at invocation). Note: the library's `Parser` (CST phase) uses a stack-based iterative approach and is not affected. Only the compose/resolve phase uses actual call-stack recursion. All three public parsing APIs are affected: `YAML.parse()`, `YAML.parseDocument()`, and `YAML.parseAllDocuments()`. Versions 1.10.3 and 2.8.3 contain a patch.
CVSS Base Score: 4.3 (medium)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CVE-ID: CVE-2025-13465
Description: Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes. The issue permits deletion of properties but does not allow overwriting their original behavior. This issue is patched in 4.17.23.
CVSS Base Score: 6.9 (medium)
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:H/SI:H/SA:H/E:P

CVE-ID: CVE-2020-36732
Description: The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more predictable than necessary.
CVSS Base Score: 5.3 (medium)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products and versions
HCL Verse versions prior to 3.2.6 Interim Fix 1 are impacted.

Remediation/fixes
A fix is available in HCL Verse version 3.2.6 Interim Fix 1.
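The underscore and yaml items in this bulletin share one shape: one stack frame per nesting level over a structure the remote client controls, and a RangeError that the caller's error handling was not written for. The following is an added example, not either library's code: a flatten written the way the bulletin describes `_.flatten`, an iterative depth check that cannot itself overflow, and a guarded entry point that also applies a length cap (the mitigation the moment item in the first bulletin above recommends). `MAX_INPUT_BYTES`, `MAX_DEPTH` and the nested payloads are assumptions for the illustration.

```javascript
// Added example, not underscore's or yaml's code: an unbounded recursive walk
// over attacker-shaped data beside a depth-bounded entry point.

// Flatten written the way the bulletin describes _.flatten: one stack frame
// per nesting level, no depth limit.
function flattenUnbounded(arr, out = []) {
  for (const v of arr) {
    if (Array.isArray(v)) flattenUnbounded(v, out);
    else out.push(v);
  }
  return out;
}

// Depth check with an explicit stack, so the check itself cannot overflow.
// Returns as soon as any node sits deeper than `limit`.
function exceedsDepth(value, limit) {
  const stack = [[value, 1]];
  while (stack.length > 0) {
    const [node, depth] = stack.pop();
    if (node === null || typeof node !== "object") continue;
    if (depth > limit) return true;
    const children = Array.isArray(node) ? node : Object.values(node);
    for (const child of children) stack.push([child, depth + 1]);
  }
  return false;
}

// Assumed limits for the illustration; pick them per application.
const MAX_INPUT_BYTES = 64 * 1024;
const MAX_DEPTH = 32;

// Guarded entry point for untrusted JSON: cap the length first (the same
// mitigation the moment item recommends), then the nesting depth, and only
// then call the recursive code.
function flattenUntrustedJson(text) {
  if (text.length > MAX_INPUT_BYTES) throw new RangeError("input too large");
  const data = JSON.parse(text);
  if (!Array.isArray(data)) throw new TypeError("expected a JSON array");
  if (exceedsDepth(data, MAX_DEPTH)) throw new RangeError("nesting too deep");
  return flattenUnbounded(data); // depth is now bounded, so recursion is too
}

// Constructed payloads. The text form is what a client would send: two bytes
// per level, the same shape as the yaml flow-sequence case.
function nestedArrayText(levels) {
  return "[".repeat(levels) + "1" + "]".repeat(levels);
}
// Built iteratively so constructing the overflow payload cannot itself overflow.
function nestedArray(levels) {
  let v = 1;
  for (let i = 0; i < levels; i++) v = [v];
  return v;
}

// What escapes when the guard is absent: the name of the thrown error class.
function unguardedOutcome(levels) {
  try {
    flattenUnbounded(nestedArray(levels));
    return "ok";
  } catch (e) {
    return e.constructor.name;
  }
}

// Same call through the guard: a controlled rejection with a known message.
function guardedOutcome(text) {
  try {
    return { ok: true, result: flattenUntrustedJson(text) };
  } catch (e) {
    return { ok: false, error: e.message };
  }
}

console.log(unguardedOutcome(500000));             // RangeError
console.log(guardedOutcome(nestedArrayText(100)));  // { ok: false, error: 'nesting too deep' }
```

The guard rejects with an error the caller chose, before any recursive library code runs; the unguarded path surfaces a RangeError from deep inside the library, which is exactly the exception type the yaml item warns that YAML-specific catch blocks will not match.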
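The Immutable.js and Lodash items in this bulletin are prototype pollution through key names that reach `Object.prototype`. The following is an added example, not either library's code: a deep merge with that flaw beside a hardened one, plus a path-based unset that refuses prototype-reaching segments (the `_.unset` case, where the damage is deletion rather than writing). The JSON payload is constructed; `demonstrate` cleans `Object.prototype` after each run so the process is left as it was.

```javascript
// Added example, not Immutable.js's or Lodash's code: a deep merge with the
// flaw class the two bulletins describe, beside a hardened merge and a
// hardened path-based unset.

const isPlainObject = (v) => v !== null && typeof v === "object" && !Array.isArray(v);
const hasOwn = (o, k) => Object.prototype.hasOwnProperty.call(o, k);

// Vulnerable: walks every key the source carries, including "__proto__".
// target["__proto__"] evaluates to Object.prototype, so the recursive call
// writes the attacker's properties onto every object in the process.
function mergeDeepUnsafe(target, source) {
  for (const key in source) {
    const val = source[key];
    if (isPlainObject(val)) {
      if (!isPlainObject(target[key])) target[key] = {};
      mergeDeepUnsafe(target[key], val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

// Keys through which a path can reach a prototype.
const FORBIDDEN_KEYS = new Set(["__proto__", "constructor", "prototype"]);

// Hardened: refuse those keys outright, iterate only own keys of the
// source, and only descend into an *own* plain object on the target side.
function mergeDeepSafe(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) throw new TypeError(`refusing to merge key "${key}"`);
    const val = source[key];
    if (isPlainObject(val)) {
      if (!hasOwn(target, key) || !isPlainObject(target[key])) target[key] = {};
      mergeDeepSafe(target[key], val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

// Path-based delete (the _.unset shape): a path such as
// ["constructor", "prototype", "toString"] would otherwise walk from any
// object up to Object.prototype and delete a method there.
function unsetPathSafe(obj, path) {
  let cur = obj;
  for (let i = 0; i < path.length; i++) {
    const seg = path[i];
    if (FORBIDDEN_KEYS.has(seg)) throw new TypeError(`refusing to traverse "${seg}"`);
    if (!isPlainObject(cur) || !hasOwn(cur, seg)) return false; // nothing to delete
    if (i === path.length - 1) return delete cur[seg];
    cur = cur[seg];
  }
  return false;
}

// Attacker-controlled body, constructed. JSON.parse creates an *own*
// property literally named "__proto__"; it does not set the prototype.
const PAYLOAD = '{"name":"x","__proto__":{"isAdmin":true}}';

// Run one merge on a fresh object and report whether an unrelated object
// acquired the attacker's property. Cleans Object.prototype afterwards.
function demonstrate(merge) {
  let rejected = false;
  try {
    merge({}, JSON.parse(PAYLOAD));
  } catch {
    rejected = true;
  }
  const leaked = {}.isAdmin;
  delete Object.prototype.isAdmin;
  return { leaked, rejected };
}

console.log("unsafe:", demonstrate(mergeDeepUnsafe)); // { leaked: true, rejected: false }
console.log("safe:  ", demonstrate(mergeDeepSafe));   // { leaked: undefined, rejected: true }
```

Rejecting the three key names is the cheap fix; the own-property checks matter as well, because a merge that follows inherited values on the target side can be steered onto a prototype without the key ever being spelled `__proto__`.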
Link to Security Bulletin
Please see the security bulletin for vulnerability details and remediation: Security Bulletin: Multiple open source vulnerabilities impact HCL Verse

Roman Mirolubov, 30 March 2026 08:27:42

Overview
HCL Verse is affected by a stored cross-site scripting (XSS) vulnerability. An attacker could exploit this vulnerability to execute scripts in a user’s web browser and potentially obtain the user’s cookies, session tokens, or other sensitive information.

Vulnerability Details
CVE-ID: CVE-2023-37496
Description: HCL Verse is affected by a stored cross-site scripting (XSS) vulnerability. By tricking a user into opening a specially crafted email message, a remote attacker can trigger this vulnerability. The attacker may exploit it to execute scripts in the user’s web browser and potentially obtain cookie-based data, session tokens, or other sensitive information.
CVSS Base Score: 8.3 (High)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L

Affected Products and Versions
Releases prior to HCL Verse 3.1 are affected.

Fix
This issue has been fixed in HCL Verse 3.1. To download the latest version, access My HCLSoftware and select the available product/release. If you encounter issues accessing the download site, follow the instructions provided in “About the My HCLSoftware Portal.”

Workarounds
There are no effective workarounds for unpatched releases.

CVE-2023-37496 was reported to HCLSoftware by Stephen Maclachlan of Leonardo Cyber & Security.

Link to Security Bulletin
Please see the security bulletin for vulnerability details and remediation: Impact of Stored Cross-Site Scripting (XSS) Vulnerability on HCL Verse (CVE-2023-37496)

Vladislav Tatarincev, 27 March 2026 11:15:39

Summary
The Domino Catalog template is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. Databases created from this template are impacted by this vulnerability.
Vulnerability Details
CVE-ID: CVE-2023-37539
Description: The Domino Catalog template is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. An attacker with the ability to edit documents in the catalog application/database created from this template can embed a cross-site scripting attack. The attack would be activated by an end user clicking it.
CVSS Base Score: 8.4 (High)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

Affected products and versions
The Catalog templates released with HCL Domino versions 11 (end of service), 12 and 14 are impacted. Earlier releases may also be affected. Updated templates for versions 12 and 14 can be downloaded here:
V12.0.2 catalog.ntf: https://support.hcl-software.com/sys_attachment.do?sys_id=f0e497d63bb3be9028f8f547f4e45ad8
V14.0.0 catalog.ntf: https://support.hcl-software.com/sys_attachment.do?sys_id=78e497d63bb3be9028f8f547f4e45ada

Remediation/fixes
A fix is not available at this time, so please see the Workarounds and Mitigations section. This issue is tracked by SPR# EPORCM4RJB.

Workarounds and Mitigations
The Catalog is a shared resource for Notes/Domino users. The ability to edit Catalog entries should be restricted to Domino Administrators/trusted users only. Access can be managed through Access Control Lists (ACLs) via the HCL Notes Client.

Link to Security Bulletin
Please see the security bulletin for vulnerability details and remediation: The HCL Domino Catalog template is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability

Vladislav Tatarincev, 26 March 2026 16:12:10

Summary
An XXE vulnerability in Apache Tika impacts HCL Notes. An unauthenticated attacker could leverage this vulnerability to carry out an injection attack.
Vulnerability Details
CVE-ID: CVE-2025-54988
Description: Critical XXE in Apache Tika (tika-parser-pdf-module) in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sensitive data or trigger malicious requests to internal resources or third-party servers. Note that the tika-parser-pdf-module is used as a dependency in several Tika packages including at least: tika-parsers-standard-modules, tika-parsers-standard-package, tika-app, tika-grpc and tika-server-standard. Users are recommended to upgrade to version 3.2.2, which fixes this issue.
CVSS Base Score: 8.4 (high)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Link to Security Bulletin
Please see the security bulletin for vulnerability details and remediation: HCL Notes is affected by an XML External Entity (XXE) vulnerability in Apache Tika (CVE-2025-54988)

Vladislav Tatarincev, 26 March 2026 14:58:53

Summary
HCL Nomad for Android is susceptible to a cookie overflow vulnerability in libcurl.

Vulnerability Details
CVE-ID: CVE-2025-9086
Description:
1. A cookie is set using the `secure` keyword for `https://target`.
2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear-text HTTP) using the same cookie set.
3. The same cookie name is set, but with just a slash as path (`path="/"`). Since this site is not secure, the cookie *should* just be ignored.
4. A bug in the path comparison logic makes curl read outside a heap buffer boundary.
The bug either causes a crash or potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path.
The presumed and correct behavior would be to plainly ignore the second setting of the cookie, since it was already set as secure on a secure host, so overriding it on an insecure host should not be allowed.
CVSS 3.1 Base Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Link to Security Bulletin
Please see the security bulletin for vulnerability details and remediation: HCL Nomad for Android is susceptible to a cookie overflow vulnerability in libcurl (CVE-2025-9086)

Vladislav Tatarincev, 26 March 2026 14:52:41

Summary
HCL Nomad for iOS is susceptible to a cookie overflow vulnerability in libcurl.

Vulnerability Details
CVE-ID: CVE-2025-9086
Description:
1. A cookie is set using the `secure` keyword for `https://target`.
2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear-text HTTP) using the same cookie set.
3. The same cookie name is set, but with just a slash as path (`path="/"`). Since this site is not secure, the cookie *should* just be ignored.
4. A bug in the path comparison logic makes curl read outside a heap buffer boundary.
The bug either causes a crash or potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second setting of the cookie, since it was already set as secure on a secure host, so overriding it on an insecure host should not be allowed.
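The rule the CVE-2025-9086 description says should have held (in both Nomad bulletins), as an added example that is not curl's code: a minimal in-memory cookie jar that refuses to let a clear-text origin create or replace a cookie already covered by a Secure cookie of the same name, exercised on the bulletin's own sequence of events. The hostname and cookie values are constructed. The memory-safety bug itself is in C and is not reproduced here; what the example shows is the decision the broken path comparison was supposed to feed.

```javascript
// Added example, not curl's code: the cookie-store rule the bulletin says
// should have held ("leave secure cookies alone", RFC 6265bis), as a
// minimal in-memory jar, run on the bulletin's own sequence of events.

class CookieJar {
  constructor() {
    this.cookies = [];
  }

  // Parse the pieces this example needs from a Set-Cookie value.
  static parseSetCookie(header) {
    const [pair, ...attrs] = header.split(";").map((s) => s.trim());
    const eq = pair.indexOf("=");
    const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), path: "/", secure: false };
    for (const attr of attrs) {
      const [k, v = ""] = attr.split("=");
      const key = k.toLowerCase();
      if (key === "secure") cookie.secure = true;
      else if (key === "path" && v.startsWith("/")) cookie.path = v;
    }
    return cookie;
  }

  // RFC 6265 path-match: equal, or a prefix ending in "/" or at a "/" boundary.
  static pathMatches(requestPath, cookiePath) {
    if (requestPath === cookiePath) return true;
    if (!requestPath.startsWith(cookiePath)) return false;
    return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
  }

  // Store a cookie received from `originUrl`. Returns true if stored, false
  // if the Set-Cookie was ignored.
  setCookie(originUrl, header) {
    const url = new URL(originUrl);
    const c = CookieJar.parseSetCookie(header);
    c.domain = url.hostname;
    const secureOrigin = url.protocol === "https:";

    // A Secure cookie may only be set by a secure origin.
    if (c.secure && !secureOrigin) return false;

    // Leave secure cookies alone: a clear-text origin must not create or
    // replace a cookie that an existing Secure cookie of the same name,
    // same domain and matching path already covers. This is the step the
    // curl bug got wrong.
    if (!secureOrigin) {
      const shadowed = this.cookies.some(
        (old) => old.secure && old.name === c.name && old.domain === c.domain &&
          CookieJar.pathMatches(c.path, old.path),
      );
      if (shadowed) return false;
    }

    // Otherwise replace the cookie with the same (name, domain, path), or add.
    this.cookies = this.cookies.filter(
      (old) => !(old.name === c.name && old.domain === c.domain && old.path === c.path),
    );
    this.cookies.push(c);
    return true;
  }

  // Cookie header for a request; Secure cookies are never sent over http.
  cookieHeader(requestUrl) {
    const url = new URL(requestUrl);
    const secure = url.protocol === "https:";
    return this.cookies
      .filter((c) => c.domain === url.hostname && (secure || !c.secure) &&
        CookieJar.pathMatches(url.pathname, c.path))
      .map((c) => `${c.name}=${c.value}`)
      .join("; ");
  }
}

// The bulletin's sequence, with a constructed hostname.
function bulletinScenario() {
  const jar = new CookieJar();
  const secureStored = jar.setCookie("https://target.example/", "session=s3cret; Secure; Path=/");
  const downgradeStored = jar.setCookie("http://target.example/", "session=evil; Path=/");
  return {
    secureStored,                                                       // true
    downgradeStored,                                                    // false: ignored
    sentOverHttps: jar.cookieHeader("https://target.example/inbox"),    // "session=s3cret"
    sentOverHttp: jar.cookieHeader("http://target.example/inbox"),      // ""
  };
}

console.log(bulletinScenario());
```

Step 2 of the bulletin is the attacker's leverage: a redirect or any clear-text request to the same hostname. The jar above does not need to trust that hop because the Secure cookie is never sent over it and cannot be replaced through it.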
CVSS 3.1 Base Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Link to Security Bulletin
Please see the security bulletin for vulnerability details and remediation: HCL Nomad for iOS is susceptible to a cookie overflow vulnerability in libcurl (CVE-2025-9086)

Vladislav Tatarincev, 26 March 2026 14:51:39

Summary
HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a credential leakage vulnerability.

Vulnerability Details
CVE-ID: CVE-2024-42192
Description: HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a credential leakage which could allow an attacker to access other computers or applications.
CVSS Base Score: 5.5
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Link to Security Bulletin
Please see the security bulletin for vulnerability details and remediation: HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a credential leakage (CVE-2024-42192)