GHSA-v5h2-q2w4-gpcx: Sentry improper error handling leaks Application Integration Client Secret

GHSA-8w49-h785-mj3c: Tornado has an HTTP cookie parsing DoS vulnerability

GHSA-m52v-24p8-654f: SurrealDB has an Uncaught Exception Sorting Tables by Random Order

GHSA-jc55-246c-r88f: SurrealDB has an Uncaught Exception Handling Nonexistent Role

GHSA-h4f5-h82v-5w4r: SurrealDB has an Uncaught Exception in Function Generating Random Time

bypass CVE-2021-25640 > In Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of parseURL method will lead to the bypass of the white host check which can cause open redirect or SSRF vulnerability.

**Package**

maven com.alibaba:dubbo (Maven)

**Affected versions**

\>= 2.5.0, < 2.6.12

**Package**

maven org.apache.dubbo:dubbo (Maven)

**Affected versions**

\>= 2.5.0, < 2.7.15

Headline

GHSA-gm48-83x4-84jg: Server-side request forgery in Apache Dubbo

Related news

ghsa: Latest News