GHSA-3w94-vq2x-v5wr: ethereum does not check transaction malleability for EIP-2930, EIP-1559 and EIP-7702 transactions

GHSA-m43g-m425-p68x: junit-platform-reporting can leak Git credentials through its OpenTestReportGeneratingListener 

GHSA-hc55-p739-j48w: @modelcontextprotocol/server-filesystem vulnerability allows for path validation bypass via colliding path prefix

GHSA-q66q-fx2p-7w4m: @modelcontextprotocol/server-filesystem allows for path validation bypass via prefix matching and symlink handling

GHSA-h34r-jxqm-qgpr: juju/utils leaks private key in certs

In Apache Linkis <=1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a JDBC EC with a MySQL data source and malicious parameters. Therefore, the parameters in the jdbc url should be blacklisted. This issue is patched in version 1.3.0, and users are recommended to upgrade.

**Apache Linkis subject to Remote Code Execution via deserialization**

Moderate severity GitHub Reviewed Published Oct 26, 2022 • Updated Oct 27, 2022

Headline

GHSA-3f3w-gmqf-4hj3: Apache Linkis subject to Remote Code Execution via deserialization

ghsa: Latest News