GHSA-v5h2-q2w4-gpcx: Sentry improper error handling leaks Application Integration Client Secret

GHSA-8w49-h785-mj3c: Tornado has an HTTP cookie parsing DoS vulnerability

GHSA-m52v-24p8-654f: SurrealDB has an Uncaught Exception Sorting Tables by Random Order

GHSA-jc55-246c-r88f: SurrealDB has an Uncaught Exception Handling Nonexistent Role

GHSA-h4f5-h82v-5w4r: SurrealDB has an Uncaught Exception in Function Generating Random Time

In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is a vulnerability that can bypass the isSafeFile() function: one can upload any type of file. For example, a .jsp file may be stored and almost immediately deleted, but this deletion step does not occur for certain exceptions.

**JFinal file validation vulnerability**

High severity GitHub Reviewed Published May 25, 2022 • Updated May 25, 2022

Headline

GHSA-279p-pc38-xx4p: JFinal file validation vulnerability

ghsa: Latest News