GHSA-9722-9j67-vjcr: Improper Authorization in Select Permissions

GHSA-qjrv-v6qp-x99x: SurrealDB has an Uncaught Exception Handling Parsing Errors on Empty Strings

GHSA-f3cx-396f-7jqp: Livewire Remote Code Execution on File Uploads

GHSA-ffcv-v6pw-qhrp: Denial of Service in TYPO3 Bookmark Toolbar

GHSA-9cp9-8gw2-8v7m: Adguard Home arbitrary file read vulnerability

### Impact
A maliciously crafted xAPI statement could be used to perform script or other tag injection in the LRS Statement Browser.

### Patches
The problem is patched in version 1.2.17 of the LRS library and [version 0.7.5 of SQL LRS](https://github.com/yetanalytics/lrsql/releases/tag/v0.7.5).

### Workarounds
No workarounds exist, we recommend upgrading to version 1.2.17 of the library or version 0.7.5 of SQL LRS immediately.

### References
* [LRS Tag](https://github.com/yetanalytics/lrs/releases/tag/v1.2.17)
* [LRS lib on Clojars](https://clojars.org/com.yetanalytics/lrs/versions/1.2.17)
* [SQL LRS 0.7.5 Release](https://github.com/yetanalytics/lrsql/releases/tag/v0.7.5)


**Cross-site Scripting Vulnerability in Statement Browser**

Moderate severity GitHub Reviewed Published Feb 20, 2024 in yetanalytics/lrs • Updated Feb 21, 2024

Headline

GHSA-7rw2-3hhp-rc46: Cross-site Scripting Vulnerability in Statement Browser

Impact

Patches

Workarounds

References

ghsa: Latest News