AdvisoryWeek
2022-51 - Mozilla, GitHub
Published on December 26, 2022
Advisory Week
Week 51, 2022
National Cyber Awareness System
CISA Releases Four Industrial Control Systems Advisories
CISA Releases Six Industrial Control Systems Advisories
Mozilla Security Advisories
Security Vulnerabilities fixed in Thunderbird 102.6.1 mfsa2022-54
GitHub Security Advisories
[GHSA-6mv3-wm7j-h4w5] Tauri Filesystem Scope Glob Pattern is too Permissive
[GHSA-6cq5-8cj7-g558] CodeIgniter4 Potential Session Handlers Vulnerability
[GHSA-ghw3-5qvm-3mqc] CodeIgniter4 allows spoofing of IP address when using proxy
[GHSA-hjrf-2m68-5959] jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC
[GHSA-qwph-4952-7xr6] jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify()
[GHSA-8cf7-32gw-wr33] jsonwebtoken unrestricted key type could lead to legacy keys usage
[GHSA-27h2-hvpr-p74q] jsonwebtoken has insecure input validation in jwt.verify function
[GHSA-p82q-rxpm-hjpc] AAD Pod Identity obtaining token with backslash
[GHSA-m3cq-xcx9-3gvm] Bypass of verifyImages rule possible with malicious proxy/registry
[GHSA-m3q4-7qmj-657m] OpenFGA Authorization Bypass
[GHSA-h4q8-96p6-jcgr] ghinstallation returns app JWT in error responses
[GHSA-cq2g-pw6q-hf7j] Cortex's Alertmanager can expose local files content via specially crafted config