GHSA-76mw-6p95-x9x5: pac4j-core affected by a Java deserialization vulnerability

GHSA-6h64-g7cj-hj56: Lord of Large Language Models (LoLLMs)  path traversal vulnerability in the api open_personality_folder endpoint

GHSA-vgxq-6rcf-qwrw: angular-base64-upload vulnerable to unauthenticated remote code execution

GHSA-8rm2-93mq-jqhc: Extract has insufficient checks allowing attacker to create symlinks outside the extraction directory.

GHSA-gx9m-whjm-85jf: DOMpurify has a nesting-based mXSS

### Impact
The MsQuic server application or process will crash, resulting in a denial of service.

### Patches
The following patch was made:

- Don't Allow Version Negotiation Packets for Server Connections - https://github.com/microsoft/msquic/commit/3226cff07d22662f16fc98d605656860e64cd343

### Workarounds
Beyond upgrading to the patched versions, there is no other workaround. You must upgrade or disable MsQuic functionality.


**Remote Denial of Service Vulnerability in Microsoft.Native.Quic.MsQuic.Schannel**

High severity GitHub Reviewed Published Oct 10, 2023 in microsoft/msquic • Updated Oct 10, 2023

Headline

GHSA-xh5m-8qqp-c5x7: Remote Denial of Service Vulnerability in Microsoft.Native.Quic.MsQuic.Schannel

Impact

Patches

Workarounds

ghsa: Latest News