AdvisoryWeek
2023-52 - GitHub
Published on January 1, 2024
Advisory Week
Week 52, 2023
GitHub Security Advisories
[GHSA-fwvg-2739-22v7] Miniflare vulnerable to Server-Side Request Forgery (SSRF)
[GHSA-43w4-4j3c-jx29] Winter CMS Stored XSS through Backend ColorPicker FormWidget
[GHSA-4wvw-75qh-fqjp] Winter CMS Stored XSS through privileged upload of Media Manager file followed by renaming
[GHSA-wpmx-564x-h2mh] ewen-lbh/ffcss Late-Unicode normalization vulnerability
[GHSA-7hpj-7hhx-2fgx] msgpackr's conversion of property names to strings can trigger infinite recursion
[GHSA-xhvv-3jww-c487] ActiveAdmin CSV Injection leading to sensitive information disclosure
[GHSA-cw2r-4p82-qv79] DoS with algorithms that use PBKDF2 due to unbounded PBES2 Count value
[GHSA-mw99-9chc-xw7r] Maliciously crafted Git server replies can cause DoS on go-git clients