GHSA-6jrf-rcjf-245r: changedetection.io path traversal using file URI scheme without supplying hostname

GHSA-7mr7-4f54-vcx5: HTTP Client uses incorrect token after refresh

GHSA-hfq9-hggm-c56q: XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream

GHSA-3m9x-2qfj-xvq4: PHPExcel XXE Vulnerability

GHSA-q78v-cv36-8fxj: Devtron has SQL Injection in CreateUser API

### Impact
An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service.

### Patches
The problem has been patched. All users are advised to upgrade to v3.1.5 or v2.1.9.

### Workarounds
None.

### References
https://github.com/SixLabors/ImageSharp/pull/2754
https://github.com/SixLabors/ImageSharp/pull/2756


**SixLabors ImageSharp Out-of-bounds Write**

High severity GitHub Reviewed Published Jul 22, 2024 in SixLabors/ImageSharp • Updated Jul 22, 2024

Headline

GHSA-63p8-c4ww-9cg7: SixLabors ImageSharp Out-of-bounds Write

Impact

Patches

Workarounds

References

ghsa: Latest News