GHSA-3m86-c9x3-vwm9: Graylog vulnerable to privilege escalation through API tokens

GHSA-3q26-f695-pp76: @cyanheads/git-mcp-server vulnerable to command injection in several tools

GHSA-6r2x-8pq8-9489: Electron vulnerable to Heap Buffer Overflow in NativeImage

GHSA-v8fr-vxmw-6mf6: Mattermost Incorrect Authorization vulnerability

GHSA-wgvp-jj4w-88hf: Mattermost Incorrect Authorization vulnerability

Path resolution in `warp::filters::fs::dir` didn't correctly validate Windows paths
meaning paths like `/foo/bar/c:/windows/web/screen/img101.png` would be allowed
and respond with the contents of `c:/windows/web/screen/img101.png`. Thus users
could potentially read files anywhere on the filesystem.

This only impacts Windows. Linux and other unix likes are not impacted by this.


**Warp vulnerable to Path Traversal via Improper validation of Windows paths**

High severity GitHub Reviewed Published Jan 31, 2023 to the GitHub Advisory Database

Headline

GHSA-8v4j-7jgf-5rg9: Warp vulnerable to Path Traversal via Improper validation of Windows paths

ghsa: Latest News