GHSA-27wf-5967-98gx:  Kubernetes kubelet arbitrary command execution

GHSA-mr95-vfcf-fx9p: Apache Answer: Predictable Authorization Token Using UUIDv1

GHSA-pqhp-25j4-6hq9: smol-toml has a Denial of Service via malicious TOML document using deeply nested inline tables

GHSA-v5h2-q2w4-gpcx: Sentry improper error handling leaks Application Integration Client Secret

GHSA-8w49-h785-mj3c: Tornado has an HTTP cookie parsing DoS vulnerability

Affected versions of this crate did not check that the public key the signature was created with matches the peer ID of the peer record. 
Any combination was considered valid.

This allows an attacker to republish an existing `PeerRecord` with a different `PeerId`.


**Failure to verify the public key of a \`SignedEnvelope\` against the \`PeerId\` in a \`PeerRecord\`**

High severity GitHub Reviewed Published Jun 17, 2022 • Updated Jun 17, 2022

Headline

GHSA-wc36-xgcc-jwpr: Failure to verify the public key of a `SignedEnvelope` against the `PeerId` in a `PeerRecord`

ghsa: Latest News