GHSA-pxg6-pf52-xh8x: cookie accepts cookie name, path, and domain with out of bounds characters

GHSA-q898-frwq-f3qp: Minecraft MOTD Parser's HtmlGenerator vulnerable to XSS

GHSA-8xq9-g7ch-35hg: Parse Server's custom object ID allows to acquire role privileges

GHSA-8h22-6qwx-q4w9: OpenStack Ironic fails to verify checksums of supplied image_source URLs

GHSA-wwcp-26wc-3fxm: JSON-lib mishandles an unbalanced comment string

A Server-Side Template Injection (SSTI) was discovered in Form.io 2.0.0. This leads to Remote Code Execution during deletion of the default Email template URL.

**Server-Side Template Injection in formio**

Moderate severity GitHub Reviewed Published Jun 3, 2022 • Updated Jun 3, 2022

Headline

GHSA-52vj-mr2j-f8jh: Server-Side Template Injection in formio

Related news

ghsa: Latest News