Security
Headlines
HeadlinesLatestCVEs

Source

ghsa

GHSA-cg49-hrj4-3rpr: ydata unsafe deserialization

Deseriliazation of untrusted data can occur in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library, enabling a maliciously crafted dataset to run arbitrary code on an end user's system when loaded.

ghsa
Open in Source
#git
GHSA-fpvj-m2h6-6wc5: ydata unsafe deserialization

Deserialization of untrusted data can occur in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library, enabling a malicously crafted report to run arbitrary code on an end user's system when loaded.

GHSA-43c4-9qgj-x742: MLFlow unsafe deserialization

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with.

GHSA-7p8j-qv6x-f4g4: MLFlow unsafe deserialization

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.23.0 or newer, enabling a maliciously uploaded LightGBM scikit-learn model to run arbitrary code on an end user’s system when interacted with.

GHSA-x38x-g6gr-jqff: MLFlow unsafe deserialization

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.24.0 or newer, enabling a maliciously uploaded pmdarima model to run arbitrary code on an end user’s system when interacted with.

GHSA-76cg-cfhx-373f: MLFlow unsafe deserialization

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with.

GHSA-ghv6-9r9j-wh4j: MLFlow unsafe deserialization

Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.9.0 or newer, enabling a maliciously uploaded PyFunc model to run arbitrary code on an end user’s system when interacted with.

GHSA-hv2j-6654-x74q: Reflected Cross-Site Scripting (XSS) in Dolibarr

A Reflected Cross-site scripting (XSS) vulnerability located in htdocs/compta/paiement/card.php of Dolibarr before 19.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the facid parameter.

GHSA-5j86-5xvg-7q93: TYPO3 Cross-Site Scripting (XSS) in form component

Failing to sanitize content from unauthenticated website visitors, the form component is susceptible to Cross-Site Scripting.

GHSA-vgm8-r9gm-fw59: TYPO3 Cross-Site Scripting in legacy form component

Failing to sanitize content from editors, the legacy form component is susceptible to Cross-Site Scripting. A valid editor account with access to a form content element is required to exploit this vulnerability.