GHSA-3m86-c9x3-vwm9: Graylog vulnerable to privilege escalation through API tokens

GHSA-3q26-f695-pp76: @cyanheads/git-mcp-server vulnerable to command injection in several tools

GHSA-6r2x-8pq8-9489: Electron vulnerable to Heap Buffer Overflow in NativeImage

GHSA-v8fr-vxmw-6mf6: Mattermost Incorrect Authorization vulnerability

GHSA-wgvp-jj4w-88hf: Mattermost Incorrect Authorization vulnerability

### Impact

Calling `fetch(url)` and not consuming the incoming body ((or consuming it very slowing) will lead to a memory leak. 

### Patches

Patched in v6.6.1

### Workarounds

Make sure to always consume the incoming body.


**fetch(url) leads to a memory leak in undici**

Moderate severity GitHub Reviewed Published Feb 16, 2024 in nodejs/undici • Updated Feb 16, 2024

Headline

GHSA-9f24-jqhm-jfcw: fetch(url) leads to a memory leak in undici

Impact

Patches

Workarounds

ghsa: Latest News