GHSA-x7m9-mv49-fv73: Vaultwarden vulnerable to user impersonation

GHSA-vprm-27pv-jp3w: Vaultwarden authenticated reflected cross-site scripting (XSS) vulnerability

GHSA-g5x8-v2ch-gj2g: Vaultwarden HTML injection vulnerability

GHSA-5xh2-23cc-5jc6: Strawberry GraphQL has type resolution vulnerability in node interface that allows potential data leakage through incorrect type resolution

GHSA-675f-rq2r-jw82: JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh

### Impact
The MsQuic server application or process will crash, resulting in a denial of service.

### Patches
The following patch was made:

- Don't Allow Version Negotiation Packets for Server Connections - https://github.com/microsoft/msquic/commit/3226cff07d22662f16fc98d605656860e64cd343

### Workarounds
Beyond upgrading to the patched versions, there is no other workaround. You must upgrade or disable MsQuic functionality.


**Remote Denial of Service Vulnerability in Microsoft.Native.Quic.MsQuic.Schannel**

High severity GitHub Reviewed Published Oct 10, 2023 in microsoft/msquic • Updated Oct 10, 2023

Headline

GHSA-xh5m-8qqp-c5x7: Remote Denial of Service Vulnerability in Microsoft.Native.Quic.MsQuic.Schannel

Impact

Patches

Workarounds

ghsa: Latest News