GHSA-9h9q-qhxg-89xr: Filament has unvalidated ColorColumn and ColorEntry values that can be used for Cross-site Scripting

GHSA-jg74-mwgw-v6x3: Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default

GHSA-h4h5-9833-v2p4: Rancher agents can be hijacked by taking over the Rancher Server URL

GHSA-g54f-66mw-hv66: Agnai vulnerable to Relative Path Traversal in Image Upload

GHSA-h355-hm5h-cm8h: Agnai File Disclosure Vulnerability: JSON via Path Traversal 

### Impact
Magento admin users with access to the customer media could execute code on the server.



**Fix for arbitrary file deletion in customer media allows for remote code execution**

High severity GitHub Reviewed Published Jan 27, 2023 in OpenMage/magento-lts • Updated Jan 27, 2023

Headline

GHSA-5vpv-xmcj-9q85: Fix for arbitrary file deletion in customer media allows for remote code execution

Impact

Related news

ghsa: Latest News