2023-52 - GitHub Published on January 1, 2024

Advisory Week

Week 52, 2023

Github Security Advisories

[GHSA-fwvg-2739-22v7] Miniflare vulnerable to Server-Side Request Forgery (SSRF)

[GHSA-43w4-4j3c-jx29] Winter CMS Stored XSS through Backend ColorPicker FormWidget

[GHSA-4wvw-75qh-fqjp] Winter CMS Stored XSS through privileged upload of Media Manager file followed by renaming

[GHSA-wpmx-564x-h2mh] ewen-lbh/ffcss Late-Unicode normalization vulnerability

[GHSA-7hpj-7hhx-2fgx] msgpackr's conversion of property names to strings can trigger infinite recursion

[GHSA-xhvv-3jww-c487] ActiveAdmin CSV Injection leading to sensitive information disclosure

[GHSA-cw2r-4p82-qv79] DoS with algorithms that use PBKDF2 due to unbounded PBES2 Count value

[GHSA-mw99-9chc-xw7r] Maliciously crafted Git server replies can cause DoS on go-git clients