GHSA-26jh-r8g2-6fpr: Gradio's dropdown component pre-process step does not limit the values to those in the dropdown list

GHSA-gvv6-33j7-884g: Gradio has an XSS on every Gradio server via upload of HTML files, JS files, or SVG files

GHSA-279j-x4gx-hfrh: Gradio uses insecure communication between the FRP client and server

GHSA-xh2x-3mrm-fwqm: Gradio has a race condition in update_root_in_config may redirect user traffic

GHSA-j757-pf57-f8r4: Gradio performs a non-constant-time comparison when comparing hashes

Mattermost fails to use innerText / textContent when setting the channel name in the webapp during autocomplete, allowing an attacker to inject HTML to a victim's page by create a channel name that is valid HTML. No XSS is possible though.

**Mattermost Injection vulnerability**

Low severity GitHub Reviewed Published Nov 27, 2023 to the GitHub Advisory Database • Updated Nov 28, 2023

Headline

GHSA-jcgv-3pfq-j4hr: Mattermost Injection vulnerability

ghsa: Latest News