GHSA-fm76-w8jw-xf8m: @saltcorn/plugins-loader unsanitized plugin name leads to a remote code execution (RCE) vulnerability when creating plugins using git source

GHSA-78p3-fwcq-62c2: @saltcorn/server Remote Code Execution (RCE) / SQL injection via prototype pollution  by manipulating `lang` and  `defstring` parameters when setting localizer strings

GHSA-cfqx-f43m-vfh7: @saltcorn/server arbitrary file and directory listing when accessing build mobile app results

GHSA-277h-px4m-62q8: @saltcorn/server arbitrary file zip read and download when downloading auto backups

GHSA-5gc2-7c65-8fq8: async-graphql Directive Overload

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.7.

**Answer vulnerable to Stored Cross-site Scripting**

Moderate severity GitHub Reviewed Published Mar 21, 2023 to the GitHub Advisory Database • Updated Mar 21, 2023

Headline

GHSA-83qr-c7m9-wmgw: Answer vulnerable to Stored Cross-site Scripting

Related news

ghsa: Latest News