GHSA-62r2-gcxr-426x:  starcitizentools/citizen-skin vulnerable to stored, self-XSS in the "real name" field

GHSA-7p89-p6hx-q4fw: basic-auth-connect's callback uses time unsafe string comparison

GHSA-h5q3-fjp4-2x7r: MantisBT vulnerable to information disclosure with user profiles

GHSA-5rfv-66g4-jr8h: RestrictedPython information leakage via `AttributeError.obj` and the `string` module

GHSA-g643-xq6w-r67c: Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator.

An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.

**Moodle vulnerable to Server Side Request Forgery**

Moderate severity GitHub Reviewed Published Jun 22, 2023 to the GitHub Advisory Database • Updated Jun 27, 2023

Headline

GHSA-xxp4-mf4h-6cwm: Moodle vulnerable to Server Side Request Forgery

Related news

ghsa: Latest News