GHSA-3m86-c9x3-vwm9: Graylog vulnerable to privilege escalation through API tokens

GHSA-3q26-f695-pp76: @cyanheads/git-mcp-server vulnerable to command injection in several tools

GHSA-6r2x-8pq8-9489: Electron vulnerable to Heap Buffer Overflow in NativeImage

GHSA-v8fr-vxmw-6mf6: Mattermost Incorrect Authorization vulnerability

GHSA-wgvp-jj4w-88hf: Mattermost Incorrect Authorization vulnerability

Due to improper path santization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.

**Package**

gomod code.cloudfoundry.org/archiver (Go)

**Affected versions**

< 0.0.0-20180523222229-09b5706aa936

**Patched versions**

0.0.0-20180523222229-09b5706aa936

gomod github.com/cloudfoundry/archiver (Go)

< 0.0.0-20180523222229-09b5706aa936

0.0.0-20180523222229-09b5706aa936

Headline

GHSA-32qh-8vg6-9g43: Cloud Foundry Archiver vulnerable to path traversal

Related news

ghsa: Latest News