Security
Headlines
HeadlinesLatestCVEs

Source

ghsa

GHSA-43c4-9qgj-x742: MLFlow unsafe deserialization

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with.

ghsa
Open in Source
#git
GHSA-7p8j-qv6x-f4g4: MLFlow unsafe deserialization

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.23.0 or newer, enabling a maliciously uploaded LightGBM scikit-learn model to run arbitrary code on an end user’s system when interacted with.

GHSA-x38x-g6gr-jqff: MLFlow unsafe deserialization

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.24.0 or newer, enabling a maliciously uploaded pmdarima model to run arbitrary code on an end user’s system when interacted with.

GHSA-76cg-cfhx-373f: MLFlow unsafe deserialization

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with.

GHSA-ghv6-9r9j-wh4j: MLFlow unsafe deserialization

Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.9.0 or newer, enabling a maliciously uploaded PyFunc model to run arbitrary code on an end user’s system when interacted with.

GHSA-hv2j-6654-x74q: Reflected Cross-Site Scripting (XSS) in Dolibarr

A Reflected Cross-site scripting (XSS) vulnerability located in htdocs/compta/paiement/card.php of Dolibarr before 19.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the facid parameter.

GHSA-5j86-5xvg-7q93: TYPO3 Cross-Site Scripting (XSS) in form component

Failing to sanitize content from unauthenticated website visitors, the form component is susceptible to Cross-Site Scripting.

GHSA-vgm8-r9gm-fw59: TYPO3 Cross-Site Scripting in legacy form component

Failing to sanitize content from editors, the legacy form component is susceptible to Cross-Site Scripting. A valid editor account with access to a form content element is required to exploit this vulnerability.

GHSA-cg4m-qjjp-7497: TYPO3 Cross-Site Scripting in link validator component

Failing to sanitize content from editors, the link validator component is susceptible to Cross-Site Scripting. A valid editor account with access to content which is scanned by the link validator component is required to exploit this vulnerability.

GHSA-6fc6-cj2j-h22x: TYPO3 Multiple Cross-Site Scripting vulnerabilities in frontend

Failing to properly encode editor input, several frontend components are susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary HTML.