GHSA-76mw-6p95-x9x5: pac4j-core affected by a Java deserialization vulnerability

GHSA-6h64-g7cj-hj56: Lord of Large Language Models (LoLLMs)  path traversal vulnerability in the api open_personality_folder endpoint

GHSA-vgxq-6rcf-qwrw: angular-base64-upload vulnerable to unauthenticated remote code execution

GHSA-8rm2-93mq-jqhc: Extract has insufficient checks allowing attacker to create symlinks outside the extraction directory.

GHSA-gx9m-whjm-85jf: DOMpurify has a nesting-based mXSS

# Impact
Due to insufficient class name validation in GrapeJS library it's possible to add executable JS code in class name through Selector Manager

# Relates to
 - [https://github.com/artf/grapesjs/issues/4411](https://github.com/artf/grapesjs/issues/4411)

# Patch
Update GrapeJS dependency to >=[v0.19.5](https://github.com/artf/grapesjs/releases/tag/v0.19.5)


**OroCommerce vulnerable to XSS when adding class name to Selector Manager on pages that use GrapeJS editor**

Moderate severity GitHub Reviewed Published Jul 15, 2022 in oroinc/orocommerce • Updated Jul 15, 2022

Headline

GHSA-6f85-3f8q-qc94: OroCommerce vulnerable to XSS when adding class name to Selector Manager on pages that use GrapeJS editor

Impact

Relates to

Patch

ghsa: Latest News