GHSA-f679-254h-qhvj: Leantime allows Cross-Site Scripting (XSS)

GHSA-95j3-435g-vjcp: Leantime affected by Improper Neutralization of HTML Tags

GHSA-3hfj-qcvj-4hx8: Leantime has Missing Authorization Check for Host Parameter

GHSA-38h4-fx85-qcx7: Exiv2 allows Use After Free

GHSA-c39w-3pjx-qc7m: Leantime allows Stored Cross-Site Scripting (XSS)

In September 2021, security researchers discovered a malicious Composer package called `symfont/process`, a typosquat targeting users of `symfony/process`. The malicious package has since been removed from Packagist.

**symfont/process typosquatting malware spoofs symfony/process**

High severity GitHub Reviewed Published Jan 26, 2023 to the GitHub Advisory Database • Updated Jan 26, 2023

Headline

GHSA-g3j5-mpp2-2fqm: symfont/process typosquatting malware spoofs symfony/process

ghsa: Latest News