GHSA-486g-47cc-8wxf: aiocpa contains credential harvesting code

GHSA-93ww-43rr-79v3: Keycloak mTLS Authentication Bypass via Reverse Proxy TLS Termination 

GHSA-jgwc-jh89-rpgq: Keycloak proxy header handling Denial-of-Service (DoS) vulnerability

GHSA-xg58-75qf-9r67: Cilium's Layer 7 policy enforcement may not occur in policies with wildcarded port ranges

GHSA-qqwr-j9mm-fhw6: deno_doc's HTML generator vulnerable to Cross-site Scripting

A vulnerability in corydolphin/flask-cors version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default, without any configuration option. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches, unauthorized access to sensitive information, and potential network intrusions.

**Flask-CORS allows the \`Access-Control-Allow-Private-Network\` CORS header to be set to true by default**

Moderate severity GitHub Reviewed Published Aug 18, 2024 to the GitHub Advisory Database • Updated Aug 19, 2024

Headline

GHSA-hxwh-jpp2-84pm: Flask-CORS allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default

ghsa: Latest News