GHSA-pxg6-pf52-xh8x: cookie accepts cookie name, path, and domain with out of bounds characters

GHSA-q898-frwq-f3qp: Minecraft MOTD Parser's HtmlGenerator vulnerable to XSS

GHSA-8xq9-g7ch-35hg: Parse Server's custom object ID allows to acquire role privileges

GHSA-8h22-6qwx-q4w9: OpenStack Ironic fails to verify checksums of supplied image_source URLs

GHSA-wwcp-26wc-3fxm: JSON-lib mishandles an unbalanced comment string

automad up to 1.10.9 is vulnerable to an authenticated blind server-side request forgery in `importUrl` as the `import` function on the `FileController.php` file was not properly validating the value of the `importUrl` argument. This issue may allow attackers to perform a port scan against the local environment or abuse some service.

**Authenticated Blind SSRF in automad/automad**

Moderate severity GitHub Reviewed Published Dec 21, 2023 to the GitHub Advisory Database • Updated Dec 29, 2023

Headline

GHSA-q5q3-qm26-9jwm: Authenticated Blind SSRF in automad/automad

ghsa: Latest News