GHSA-qqwr-j9mm-fhw6: deno_doc's HTML generator vulnerable to Cross-site Scripting

GHSA-v7gv-xpgf-6395: Keycloak Build Process Exposes Sensitive Data

GHSA-5545-r4hg-rj4m: Keycloak Path Traversal Vulnerability Due to External Control of File Name or Path

GHSA-qpgc-w4mg-6v92: MLflow's excessive directory permissions allow local privilege escalation

GHSA-3864-rp2m-2qfj: libre-chat Path Traversal vulnerability

Serilog (before v2.1.0) contains a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses in log files by specifying an arbitrary IP as a value of X-Forwarded-For or Client-Ip headers while performing HTTP requests.

It is not possible to configure Serilog.Enrichers.ClientInfo to not trust the X-Forwarded-For header.

**Serilog Client IP Spoofing vulnerability**

Moderate severity GitHub Reviewed Published Aug 29, 2024 to the GitHub Advisory Database • Updated Aug 29, 2024

Headline

GHSA-5x5q-cqf6-gj8r: Serilog Client IP Spoofing vulnerability

ghsa: Latest News