GHSA-f8x4-f32r-w556: PyO3 has a risk of use-after-free in `borrowed` reads from Python weak references

GHSA-cx95-q6gx-w4qp: SAK-50571 Sakai Kernel users created with type roleview can login as a normal user

GHSA-pf5v-pqfv-x8jj: OpenCanary Executes Commands From Potentially Writable Config File

GHSA-qh8g-58pp-2wxh: Eclipse Jetty URI parsing of invalid authority

GHSA-g8m5-722r-8whq: Eclipse Jetty's ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks

YetiForce CRM versions 6.4.0 and prior are vulnerable to cross-site scripting via the `SlaPolicy` module. A patch is available at commit e55886781509fe39951fc7528347696474a17884.

**YetiForce CRM vulnerable to stored Cross-site Scripting via SlaPolicy module**

Moderate severity GitHub Reviewed Published Sep 21, 2022 • Updated Sep 21, 2022

Headline

GHSA-vx3x-hwph-grvw: YetiForce CRM vulnerable to stored Cross-site Scripting via SlaPolicy module

Related news

ghsa: Latest News