GHSA-3w94-vq2x-v5wr: ethereum does not check transaction malleability for EIP-2930, EIP-1559 and EIP-7702 transactions

GHSA-m43g-m425-p68x: junit-platform-reporting can leak Git credentials through its OpenTestReportGeneratingListener 

GHSA-hc55-p739-j48w: @modelcontextprotocol/server-filesystem vulnerability allows for path validation bypass via colliding path prefix

GHSA-q66q-fx2p-7w4m: @modelcontextprotocol/server-filesystem allows for path validation bypass via prefix matching and symlink handling

GHSA-h34r-jxqm-qgpr: juju/utils leaks private key in certs

Apache IoTDB versions 0.12.2 through 0.12.6, and 0.13.0 through 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. This issue is patched in 0.13.3. Users should upgrade or use a later version of Java to avoid it.

**Apache IoTDB subject to ReDOS with Java 8**

High severity GitHub Reviewed Published Oct 26, 2022 • Updated Oct 31, 2022

Headline

GHSA-g6hg-4v3c-6jq7: Apache IoTDB subject to ReDOS with Java 8

ghsa: Latest News