GHSA-7p9f-6x8j-gxxp: CRI-O: Maliciously structured checkpoint file can gain arbitrary node access

GHSA-hh33-46q4-hwm2: Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to its deletion

GHSA-rmv2-8jjc-23xw: TCPDF Local File Inclusion vulnerability

GHSA-w5rq-g9r6-vrcg: @dapperduckling/keycloak-connector-server has Reflected XSS Vulnerability in Authentication Flow URL Handling

GHSA-q4xm-6fjc-5f6w: sigstore-java has vulnerability with bundle verification

Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers would bypass the `autoDeserialize` option filtering by adding blanks.  Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7674 to solve it.

**Apache InLong Deserialization of Untrusted Data Vulnerability**

High severity GitHub Reviewed Published Jul 6, 2023 to the GitHub Advisory Database • Updated Jul 6, 2023

Headline

GHSA-c3rh-f2w5-fghm: Apache InLong Deserialization of Untrusted Data Vulnerability

ghsa: Latest News