GHSA-3qhf-m339-9g5v: MCP Python SDK vulnerability in the FastMCP Server causes validation error, leading to DoS

GHSA-j975-95f5-7wqh: MCP Python SDK has Unhandled Exception in Streamable HTTP Transport ,Leading to Denial of Service

GHSA-j4rj-fgcq-wmqp: Cockpit - Content Platform vulnerable to XSS through name or email argument names

GHSA-p85q-mww9-gwqf: Citizen Short Description stored XSS vulnerability through wikitext

GHSA-prmv-7r8c-794g: Citizen vulnerable to Stored XSS through short descriptions

### Impact
An attacker can execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue.

### Patches
This issue is patched in gajira-create version 2.0.1.

### Workarounds
There are no known workarounds.

### References
[GitHub Security Lab advisory GHSL-2020-172](https://securitylab.github.com/advisories/GHSL-2020-172-gajira-create-action)

**gajira-create GitHub action vulnerable to arbitrary code execution**

Critical severity GitHub Reviewed Published Oct 7, 2022 in atlassian/gajira-create • Updated Oct 7, 2022

Headline

GHSA-4xqx-pqpj-9fqw: gajira-create GitHub action vulnerable to arbitrary code execution

Impact

Patches

Workarounds

References

ghsa: Latest News