GHSA-27wf-5967-98gx:  Kubernetes kubelet arbitrary command execution

GHSA-mr95-vfcf-fx9p: Apache Answer: Predictable Authorization Token Using UUIDv1

GHSA-pqhp-25j4-6hq9: smol-toml has a Denial of Service via malicious TOML document using deeply nested inline tables

GHSA-v5h2-q2w4-gpcx: Sentry improper error handling leaks Application Integration Client Secret

GHSA-8w49-h785-mj3c: Tornado has an HTTP cookie parsing DoS vulnerability

Lack of proper input validation and constraint enforcement in Apache Ambari prior to 2.7.8  

 Impact : As it will be stored XSS, Could be exploited to perform unauthorized actions, varying from data access to session hijacking and delivering malicious payloads. 

Users are recommended to upgrade to version  2.7.8 which fixes this issue.



**Apache Ambari: Various Cross site scripting problems**

Moderate severity GitHub Reviewed Published Mar 1, 2024 to the GitHub Advisory Database • Updated Mar 1, 2024

Headline

GHSA-9q6v-rxmw-g3gh: Apache Ambari: Various Cross site scripting problems

ghsa: Latest News