GHSA-x52f-h5g4-8qv5: Marp Core allows XSS by improper neutralization of HTML sanitization

GHSA-76h9-2vwh-w278: Apache MINA Deserialization RCE Vulnerability

GHSA-vm62-9jw3-c8w3: Gogs has an argument Injection in the built-in SSH server

GHSA-9pp6-wq8c-3w2c: Gogs allows argument injection during the previewing of changes

GHSA-ccqv-43vm-4f3w: Gogs allows deletion of internal files

### Impact

A user can reuse an expired session by controlling the `x-workos-session` header.

### Patches

Patched in https://github.com/workos/authkit-nextjs/releases/tag/v0.4.2

**@workos-inc/authkit-nextjs session replay vulnerability**

Moderate severity GitHub Reviewed Published Mar 28, 2024 in workos/authkit-nextjs • Updated Mar 29, 2024

Headline

GHSA-35w3-6qhc-474v: @workos-inc/authkit-nextjs session replay vulnerability

Impact

Patches

ghsa: Latest News