GHSA-m43g-m425-p68x: junit-platform-reporting can leak Git credentials through its OpenTestReportGeneratingListener 

GHSA-hc55-p739-j48w: @modelcontextprotocol/server-filesystem vulnerability allows for path validation bypass via colliding path prefix

GHSA-q66q-fx2p-7w4m: @modelcontextprotocol/server-filesystem allows for path validation bypass via prefix matching and symlink handling

GHSA-h34r-jxqm-qgpr: juju/utils leaks private key in certs

GHSA-xg8h-j46f-w952: Pillow vulnerability can cause write buffer overflow on BCn encoding

### Impact

The faulty nodes will reject transactions which calls `load_cell_data` syscall but the input cell is still in the mempool. They also ban other nodes and cause the network separation.

### Patches

0.35.2, 0.36.1, 0.37.1, 0.38.2

**Nervos CKB Permit load cell data from memory**

Moderate severity GitHub Reviewed Published Apr 25, 2021 in nervosnetwork/ckb • Updated Feb 3, 2024

Headline

GHSA-29c2-65rj-h343: Nervos CKB Permit load cell data from memory

Impact

Patches

ghsa: Latest News