GHSA-7pq5-qcp6-mcww: CKAN has an XSS vector in user uploaded images in group/org and user profiles

GHSA-w3pj-wh35-fq8w: GeoTools Remote Code Execution (RCE) vulnerability in evaluating XPath expressions

GHSA-wc9m-r3v6-9p5h: Sparkle Signing Checks Bypass

GHSA-w7wm-2425-7p2h: MarbleRun unauthenticated recovery allows Coordinator impersonation

GHSA-mx2j-7cmv-353c: wasmvm: Malicious smart contract can slow down block production

All versions of the package wifey are vulnerable to Command Injection via the `connect()` function due to improper input sanitization.

**wifey vulnerable to Command Injection due to improper input sanitization**

High severity GitHub Reviewed Published Jan 9, 2023 • Updated Jan 9, 2023

Headline

GHSA-xj9v-6q2f-vqhx: wifey vulnerable to Command Injection due to improper input sanitization

Related news

ghsa: Latest News