GHSA-mqf3-qpc3-g26q: Silverstripe Framework has a Reflected Cross Site Scripting (XSS) in error message

GHSA-ff6q-3c9c-6cf5: Silverstripe Framework has a XSS in form messages

GHSA-7cmp-cgg8-4c82: Silverstripe Framework has a XSS via insert media remote file oembed

GHSA-m9c9-mc2h-9wjw: Lodestar snappy checksum issue

GHSA-53rv-hcvm-rpp9: Lodestar snappy decompression issue

In versions of Alist prior to 3.6.0, a user with only file upload permission can bypass the base path restriction by using '... /' to bypass the base path restriction and upload files to an arbitrary path.


**Alist vulnerable to Path Traversal**

Moderate severity GitHub Reviewed Published Dec 16, 2022 • Updated Dec 16, 2022

Headline

GHSA-pmg2-rph8-p8r6: Alist vulnerable to Path Traversal

Related news

ghsa: Latest News