GHSA-8pmp-678w-c8xx: gitsign may use incorrect Rekor entries during verification

GHSA-wvv7-wm5v-w2gv: Osmedeus Web Server Vulnerable to Stored XSS, Leading to RCE

GHSA-cc6x-8cc7-9953: OctoPrint has API key access in settings without reauthentication

GHSA-xvxq-g8hw-fx4g: OctoPrint Vulnerable to Reflected XSS in Jinja2 Templates

GHSA-g5vw-3h65-2q3v: Access control vulnerable to user data deletion by anonynmous users

All versions of package `com.alibaba.oneagent:one-java-agent-plugin` are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) using a specially crafted archive that holds directory traversal filenames (e.g. `../../evil.exe`). The attacker can overwrite executable files and either invoke them remotely or wait for the system or user to call them, thus achieving remote command execution on the victim’s machine.

**Path Traversal in com.alibaba.oneagent:one-java-agent-plugin**

Moderate severity GitHub Reviewed Published May 3, 2022 • Updated May 20, 2022

Headline

GHSA-9hr3-j9mc-xmq2: Path Traversal in com.alibaba.oneagent:one-java-agent-plugin

ghsa: Latest News