GHSA-mqf3-qpc3-g26q: Silverstripe Framework has a Reflected Cross Site Scripting (XSS) in error message

GHSA-ff6q-3c9c-6cf5: Silverstripe Framework has a XSS in form messages

GHSA-7cmp-cgg8-4c82: Silverstripe Framework has a XSS via insert media remote file oembed

GHSA-m9c9-mc2h-9wjw: Lodestar snappy checksum issue

GHSA-53rv-hcvm-rpp9: Lodestar snappy decompression issue

Adyen has utility methods for validating notification HMAC signatures. The `is_valid_hmac` and `is_valid_hmac_notification` methods are vulnerable to a timing attack, you should compare the hash of the HMACs instead.

**Adyen APIs Library for Python timing attack vulnerability**

Moderate severity GitHub Reviewed Published Aug 30, 2024 to the GitHub Advisory Database • Updated Aug 30, 2024

Headline

GHSA-f3q4-ggfp-jv34: Adyen APIs Library for Python timing attack vulnerability

ghsa: Latest News