GHSA-hc55-p739-j48w: @modelcontextprotocol/server-filesystem vulnerability allows for path validation bypass via colliding path prefix

GHSA-q66q-fx2p-7w4m: @modelcontextprotocol/server-filesystem allows for path validation bypass via prefix matching and symlink handling

GHSA-h34r-jxqm-qgpr: juju/utils leaks private key in certs

GHSA-xg8h-j46f-w952: Pillow vulnerability can cause write buffer overflow on BCn encoding

GHSA-3m86-c9x3-vwm9: Graylog vulnerable to privilege escalation through API tokens

### Impact

comrak is vulnerable to the upstream cmark issue, ["Issue revealed by fuzzer"](https://github.com/commonmark/cmark/issues/354). A large number of references in a markdown document can trigger an overly large response.

### Patches

0.17.0 contains https://github.com/kivikakk/comrak/commit/70f97f3ea4eae30ffbd1b94c764a3de2f1c41d2a, which limits reference output to a 100Kb maximum.

### Workarounds

n/a

### References

* https://github.com/commonmark/cmark/issues/354

**Comrak vulnerable to production of excessive output when parsing Markdown (GHSL-2023-048)**

Moderate severity GitHub Reviewed Published Mar 28, 2023 in kivikakk/comrak • Updated Mar 28, 2023

Headline

GHSA-xxmq-4vph-956w: Comrak vulnerable to production of excessive output when parsing Markdown (GHSL-2023-048)

Impact

Patches

Workarounds

References

ghsa: Latest News