GHSA-6jrf-rcjf-245r: changedetection.io path traversal using file URI scheme without supplying hostname

GHSA-7mr7-4f54-vcx5: HTTP Client uses incorrect token after refresh

GHSA-hfq9-hggm-c56q: XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream

GHSA-2w5v-x29g-jw7j: Hashicorp Nomad Incorrect Authorization vulnerability

GHSA-3m9x-2qfj-xvq4: PHPExcel XXE Vulnerability

All versions of the package images are vulnerable to Denial of Service (DoS) due to providing unexpected input types to several different functions. This makes it possible to reach an assert macro, leading to a process crash.

**Note:**
By providing some specific integer values (like 0) to the size function, it is possible to obtain a Segmentation fault error, leading to the process crash.

**images vulnerable to Denial of Service**

High severity GitHub Reviewed Published Jul 10, 2024 to the GitHub Advisory Database • Updated Jul 10, 2024

Headline

GHSA-vjpv-x8p9-7p85: images vulnerable to Denial of Service

ghsa: Latest News