GHSA-486g-47cc-8wxf: aiocpa contains credential harvesting code

GHSA-93ww-43rr-79v3: Keycloak mTLS Authentication Bypass via Reverse Proxy TLS Termination 

GHSA-jgwc-jh89-rpgq: Keycloak proxy header handling Denial-of-Service (DoS) vulnerability

GHSA-xg58-75qf-9r67: Cilium's Layer 7 policy enforcement may not occur in policies with wildcarded port ranges

GHSA-qqwr-j9mm-fhw6: deno_doc's HTML generator vulnerable to Cross-site Scripting

### Impact
A maliciously crafted xAPI statement could be used to perform script or other tag injection in the LRS Statement Browser.

### Patches
The problem is patched in version 1.2.17 of the LRS library and [version 0.7.5 of SQL LRS](https://github.com/yetanalytics/lrsql/releases/tag/v0.7.5).

### Workarounds
No workarounds exist, we recommend upgrading to version 1.2.17 of the library or version 0.7.5 of SQL LRS immediately.

### References
* [LRS Tag](https://github.com/yetanalytics/lrs/releases/tag/v1.2.17)
* [LRS lib on Clojars](https://clojars.org/com.yetanalytics/lrs/versions/1.2.17)
* [SQL LRS 0.7.5 Release](https://github.com/yetanalytics/lrsql/releases/tag/v0.7.5)


**Cross-site Scripting Vulnerability in Statement Browser**

Moderate severity GitHub Reviewed Published Feb 20, 2024 in yetanalytics/lrs • Updated Feb 21, 2024

Headline

GHSA-7rw2-3hhp-rc46: Cross-site Scripting Vulnerability in Statement Browser

Impact

Patches

Workarounds

References

ghsa: Latest News