GHSA-g5vw-3h65-2q3v: Access control vulnerable to user data deletion by anonynmous users

GHSA-3hxg-fxwm-8gf7: CRLF injection in Refit's [Header], [HeaderCollection] and [Authorize] attributes 

GHSA-82j3-hf72-7x93: Reposilite vulnerable to path traversal while serving javadoc expanded files (arbitrary file read) (`GHSL-2024-074`)

GHSA-29wx-vh33-7x7r: Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations

GHSA-7vm6-qwh5-9x44: loona-hpack Panic Vulnerability

An insufficient entropy vulnerability was found in the Openshift Console. In the authorization code type and implicit grant type, the OAuth2 protocol is vulnerable to a Cross-Site Request Forgery (CSRF) attack if the state parameter is used inefficiently. This flaw allows logging into the victim’s current application account using a third-party account without any restrictions.

**Openshift Console insufficient entropy vulnerability**

High severity GitHub Reviewed Published Aug 21, 2024 to the GitHub Advisory Database • Updated Aug 21, 2024

Headline

GHSA-4crf-28c7-v4gr: Openshift Console insufficient entropy vulnerability

ghsa: Latest News