GHSA-j3px-q95c-9683: zlib-rs stack overflow during decompression with malicious input

GHSA-p2h2-3vg9-4p87: Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer

GHSA-hff8-hjwv-j9q7: Remote Code Execution on click of <a> Link in markdown preview

GHSA-rp9h-rf7g-hwgr: s2n-tls has undefined behavior at process exit

GHSA-4277-m35q-7c9w: Salt preflight script could be attacker controlled

### Impact
A maliciously crafted xAPI statement could be used to perform script or other tag injection in the LRS Statement Browser.

### Patches
The problem is patched in version 1.2.17 of the LRS library and [version 0.7.5 of SQL LRS](https://github.com/yetanalytics/lrsql/releases/tag/v0.7.5).

### Workarounds
No workarounds exist, we recommend upgrading to version 1.2.17 of the library or version 0.7.5 of SQL LRS immediately.

### References
* [LRS Tag](https://github.com/yetanalytics/lrs/releases/tag/v1.2.17)
* [LRS lib on Clojars](https://clojars.org/com.yetanalytics/lrs/versions/1.2.17)
* [SQL LRS 0.7.5 Release](https://github.com/yetanalytics/lrsql/releases/tag/v0.7.5)


**Cross-site Scripting Vulnerability in Statement Browser**

Moderate severity GitHub Reviewed Published Feb 20, 2024 in yetanalytics/lrs • Updated Feb 21, 2024

Headline

GHSA-7rw2-3hhp-rc46: Cross-site Scripting Vulnerability in Statement Browser

Impact

Patches

Workarounds

References

ghsa: Latest News