GHSA-27wf-5967-98gx:  Kubernetes kubelet arbitrary command execution

GHSA-mr95-vfcf-fx9p: Apache Answer: Predictable Authorization Token Using UUIDv1

GHSA-pqhp-25j4-6hq9: smol-toml has a Denial of Service via malicious TOML document using deeply nested inline tables

GHSA-v5h2-q2w4-gpcx: Sentry improper error handling leaks Application Integration Client Secret

GHSA-8w49-h785-mj3c: Tornado has an HTTP cookie parsing DoS vulnerability

### Impact

All users of url-to-png. Please see https://github.com/jasonraimondi/url-to-png/issues/47

### Patches

[v2.0.3](https://github.com/jasonraimondi/url-to-png/releases/tag/v2.0.3) requires input url to be of protocol `http` or `https` 

### Workarounds

Requires upgrade.

### References

- https://github.com/jasonraimondi/url-to-png/issues/47
- https://github.com/user-attachments/files/15536336/Arbitrary.File.Read.via.Playwright.s.Screenshot.Feature.Exploiting.File.Wrapper.pdf


**Arbitrary file read via Playwright's screenshot feature exploiting file wrapper**

Moderate severity GitHub Reviewed Published Jun 4, 2024 in jasonraimondi/url-to-png • Updated Jun 5, 2024

Headline

GHSA-665w-mwrr-77q3: Arbitrary file read via Playwright's screenshot feature exploiting file wrapper

Impact

Patches

Workarounds

References

ghsa: Latest News