GHSA-pxg6-pf52-xh8x: cookie accepts cookie name, path, and domain with out of bounds characters

GHSA-q898-frwq-f3qp: Minecraft MOTD Parser's HtmlGenerator vulnerable to XSS

GHSA-8xq9-g7ch-35hg: Parse Server's custom object ID allows to acquire role privileges

GHSA-8h22-6qwx-q4w9: OpenStack Ironic fails to verify checksums of supplied image_source URLs

GHSA-wwcp-26wc-3fxm: JSON-lib mishandles an unbalanced comment string

A malicious user could use this issue to access internal HTTP(s) servers and in the worst case (ie: aws instance) it could be abuse to get a remote code execution on the victim machine.

**MLflow Server-Side Request Forgery (SSRF)**

High severity GitHub Reviewed Published Dec 20, 2023 to the GitHub Advisory Database • Updated Dec 20, 2023

Headline

GHSA-59v3-898r-qwhj: MLflow Server-Side Request Forgery (SSRF)

ghsa: Latest News