GHSA-32q6-rr98-cjqv: OpenFGA Authorization Bypass

GHSA-w3g8-r9gw-qrh8: Denial of Service in Keycloak Server via Security Headers

GHSA-f4v7-3mww-9gc2: Keycloak allows unrestricted admin use of system and environment variables

GHSA-vh22-6c6h-rm8q: jte's HTML templates containing Javascript template strings are subject to XSS

GHSA-mgr7-5782-6jh9: The Umbraco Heartcore headless client library uses a vulnerable Refit dependency package

### Impact
version 1.5.0 and 1.6.0 when using the new `debug-host` feature could expose unnecessary information about the host

### Patches
Use 1.6.1 or newer

### Workarounds
Downgrade to 1.4.0 or set `debug-host` to empty

### References
https://github.com/fortio/proxy/pull/38

Q&A https://github.com/fortio/proxy/discussions

**Initial debug-host handler implementation could leak information and facilitate denial of service**

Moderate severity GitHub Reviewed Published Jan 27, 2023 in fortio/proxy • Updated Jan 27, 2023

Headline

GHSA-x477-fq37-q5wr: Initial debug-host handler implementation could leak information and facilitate denial of service

Impact

Patches

Workarounds

References

ghsa: Latest News