GHSA-27wf-5967-98gx:  Kubernetes kubelet arbitrary command execution

GHSA-mr95-vfcf-fx9p: Apache Answer: Predictable Authorization Token Using UUIDv1

GHSA-pqhp-25j4-6hq9: smol-toml has a Denial of Service via malicious TOML document using deeply nested inline tables

GHSA-v5h2-q2w4-gpcx: Sentry improper error handling leaks Application Integration Client Secret

GHSA-8w49-h785-mj3c: Tornado has an HTTP cookie parsing DoS vulnerability

### Impact

When using the `Extract()` method of unzip-stream, malicious zip files were able to write to paths they shouldn't be allowed to.

### Patches

Fixed in 0.3.2

### References

- https://snyk.io/research/zip-slip-vulnerability
- https://github.com/mhr3/unzip-stream/compare/v0.3.1...v0.3.2

### Credits

Justin Taft from Google

**unzip-stream allows Arbitrary File Write via artifact extraction**

High severity GitHub Reviewed Published Aug 25, 2024 in mhr3/unzip-stream • Updated Aug 26, 2024

Headline

GHSA-6jrj-vc65-c983: unzip-stream allows Arbitrary File Write via artifact extraction

Impact

Patches

References

Credits

ghsa: Latest News