GHSA-49cc-xrjf-9qf7: SFTPGo allows administrators to restrict command execution from the EventManager

GHSA-rmxg-6qqf-x8mr: GeoNode Server Side Request forgery

GHSA-5cph-wvm9-45gj: Flowise OverrideConfig security vulnerability

GHSA-hj3w-wrh4-44vp: LLama Factory Remote OS Command Injection Vulnerability

GHSA-jh6x-7xfg-9cq2: Searching Opencast may cause a denial of service

Snipe-IT is a free, open-source IT asset/license management systemIn Snipe-IT, versions v3.0-alpha to v5.3.7 are vulnerable to Host Header Injection. By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which once clicked lead to an attacker controlled server and thus leading to password reset token leak. This can lead to account take over.

**snipe-IT vulnerable to host header injection**

High severity GitHub Reviewed Published May 3, 2022 • Updated May 3, 2022

Headline

GHSA-9vh6-qfv6-vcqp: snipe-IT vulnerable to host header injection

ghsa: Latest News