GHSA-7pq5-qcp6-mcww: CKAN has an XSS vector in user uploaded images in group/org and user profiles

GHSA-w3pj-wh35-fq8w: GeoTools Remote Code Execution (RCE) vulnerability in evaluating XPath expressions

GHSA-wc9m-r3v6-9p5h: Sparkle Signing Checks Bypass

GHSA-w7wm-2425-7p2h: MarbleRun unauthenticated recovery allows Coordinator impersonation

GHSA-mx2j-7cmv-353c: wasmvm: Malicious smart contract can slow down block production

### Impact
Agents running on macOS could be susceptible to unexpected code execution through user supplied environment variables.

### Patches
Fixed in versions 14.2.4, 13.4.13 and 12.4.31.

### References
* Fix PR: https://github.com/gravitational/teleport/pull/36132


**User-provided environment values allow execution on macOS agents**

High severity GitHub Reviewed Published Dec 29, 2023 in gravitational/teleport • Updated Jan 3, 2024

Headline

GHSA-vfxf-76hv-v4w4: User-provided environment values allow execution on macOS agents

Impact

Patches

References

ghsa: Latest News