GHSA-f8x4-f32r-w556: PyO3 has a risk of use-after-free in `borrowed` reads from Python weak references

GHSA-cx95-q6gx-w4qp: SAK-50571 Sakai Kernel users created with type roleview can login as a normal user

GHSA-pf5v-pqfv-x8jj: OpenCanary Executes Commands From Potentially Writable Config File

GHSA-qh8g-58pp-2wxh: Eclipse Jetty URI parsing of invalid authority

GHSA-g8m5-722r-8whq: Eclipse Jetty's ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks

YetiForce CRM versions 6.4.0 and prior are vulnerable to cross-site scripting via the `WorkFlow` module. A patch is available at commit cd82ecce44d83f1f6c10c7766bf36f3026de024a.

**YetiForce CRM vulnerable to stored Cross-site Scripting via WorkFlow module**

Moderate severity GitHub Reviewed Published Sep 21, 2022 • Updated Sep 21, 2022

Headline

GHSA-qwc8-vjh3-gm2j: YetiForce CRM vulnerable to stored Cross-site Scripting via WorkFlow module

Related news

ghsa: Latest News