GHSA-8fh4-942r-jf2g: LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/services.inc.php

GHSA-7q7g-4xm8-89cq: Regular Expression Denial of Service (ReDoS) in @eslint/plugin-kit

GHSA-phm4-wf3h-pc3r: Unpatched Remote Code Execution in Gogs

GHSA-x645-6pf9-xwxw: LibreNMS has an Authenticated OS Command Injection

GHSA-gv4m-f6fx-859x: LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/print-customoid.php

### Impact

Depending on network and process conditions of a `fetch()` request, `response.arrayBuffer()` might include portion of memory from the Node.js process.

### Patches

This has been patched in v6.19.2.

### Workarounds

There are no known workaround.

### References

https://github.com/nodejs/undici/issues/3337
https://github.com/nodejs/undici/issues/3328
https://github.com/nodejs/undici/pull/3338
https://github.com/nodejs/undici/commit/f979ec3204ca489abf30e7d20e9fee9ea7711d36

**Undici vulnerable to data leak when using response.arrayBuffer()**

Low severity GitHub Reviewed Published Jul 8, 2024 in nodejs/undici • Updated Jul 9, 2024

Headline

GHSA-3g92-w8c5-73pq: Undici vulnerable to data leak when using response.arrayBuffer()

Impact

Patches

Workarounds

References

ghsa: Latest News