GHSA-5jfw-gq64-q45f: HTML Cleaner allows crafted scripts in special contexts like svg or math to pass through

GHSA-hrxh-9w67-g4cv: Rclone has Improper Permission and Ownership Handling on Symlink Targets with --links and --metadata

GHSA-m5vv-7jxc-8p6x: Redaxo Core CMS Cross Site Scripting (XSS)

GHSA-p7f6-8mcm-fwv3: Statamic CMS has a Path Traversal in Asset Upload

GHSA-2x2g-32r7-p4x8: Apache Kafka Clients: Privilege escalation to filesystem read-access via automatic ConfigProvider

An issue was discovered in Croc through 9.6.5. The shared secret, located on a command line, can be read by local users who list all processes and their arguments.

**Croc may expose secret to local users**

Moderate severity GitHub Reviewed Published Sep 20, 2023 to the GitHub Advisory Database • Updated Sep 21, 2023

Headline

GHSA-7g3v-4ggr-xvjf: Croc may expose secret to local users

Related news

ghsa: Latest News