GHSA-8pmp-678w-c8xx: gitsign may use incorrect Rekor entries during verification

GHSA-wvv7-wm5v-w2gv: Osmedeus Web Server Vulnerable to Stored XSS, Leading to RCE

GHSA-cc6x-8cc7-9953: OctoPrint has API key access in settings without reauthentication

GHSA-xvxq-g8hw-fx4g: OctoPrint Vulnerable to Reflected XSS in Jinja2 Templates

GHSA-g5vw-3h65-2q3v: Access control vulnerable to user data deletion by anonynmous users

bypass CVE-2021-25640 > In Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of parseURL method will lead to the bypass of the white host check which can cause open redirect or SSRF vulnerability.

**Package**

maven com.alibaba:dubbo (Maven)

**Affected versions**

\>= 2.5.0, < 2.6.12

**Package**

maven org.apache.dubbo:dubbo (Maven)

**Affected versions**

\>= 2.5.0, < 2.7.15

Headline

GHSA-gm48-83x4-84jg: Server-side request forgery in Apache Dubbo

Related news

ghsa: Latest News