GHSA-mm6v-68qp-f9fw: Crayfish allows Remote Code Execution via Homarus Authorization header

GHSA-c873-wfhp-wx5m:  SP1 has missing verifier checks and fiat-shamir observations

GHSA-7pq6-v88g-wf3w: Sentry's improper authentication on SAML SSO process allows user impersonation

GHSA-2c6g-pfx3-w7h8: Insecure Temporary File in RESTEasy

GHSA-5m7j-6gc4-ff5g: Mattermost fails to properly validate post props

All versions of the package serve-lite are vulnerable to Cross-site Scripting (XSS) because when it detects a request to a directory, it renders a file listing of all of its contents with links that include the actual file names without any sanitization or output encoding.

**Cross-site Scripting (XSS) in serve-lite**

Moderate severity GitHub Reviewed Published Jan 26, 2023 to the GitHub Advisory Database • Updated Jan 30, 2023

Headline

GHSA-j8x7-qcw4-xx85: Cross-site Scripting (XSS) in serve-lite

ghsa: Latest News