GHSA-9x4v-xfq5-m8x5: Better Auth URL parameter HTML Injection (Reflected Cross-Site scripting)

GHSA-mj4v-hp69-27x5: Plenti  - Code Injection - Denial of Services

GHSA-vqv5-385r-2hf8: Contrast's unauthenticated recovery allows Coordinator impersonation

GHSA-g6qq-c9f9-2772: Keycloak on Quarkus CLI option for encrypted JGroups ignored

GHSA-79f6-p65j-3m2m: MobSF Local Privilege Escalation

MetaGPT through 0.6.4 allows the QaEngineer role to execute arbitrary code because RunCode.run_script() passes shell metacharacters to subprocess.Popen.

**Code execution in metagpt**

High severity GitHub Reviewed Published Jan 22, 2024 to the GitHub Advisory Database • Updated Jan 22, 2024

Headline

GHSA-g7ph-8423-pf4j: Code execution in metagpt

ghsa: Latest News