ghsa

An issue was discovered in StaticPool in SUCHMOKUO node-worker-threads-pool version 1.4.3 that allows attackers to cause a denial of service.

SQL Injection vulnerability in file `Base_module_model.php` in Daylight Studio FUEL-CMS version 1.4.9, allows remote attackers to execute arbitrary code via the `col` parameter to function `list_items`.

An issue was discovered in `OFPBundleCtrlMsg` in `parser.py` in FaucetSDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop).

An issue was discovered in `OFPQueueGetConfigReply` in `parser.py` in FaucetSDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop).

A prototype pollution vulnerability in MrSwitch hello.js prior to version 1.18.8 allows remote attackers to execute arbitrary code via `hello.utils.extend` function.

Cross Site Scripting (XSS) vulnerability in `adm_user` parameter in Gila CMS version 1.11.3, allows remote attackers to execute arbitrary code during the Gila CMS installation.

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. Apache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection with DrillHook giving an opportunity to read files on the Airflow server. This issue affects Apache Airflow Drill Provider before 2.4.3. It is recommended to upgrade to a version that is not affected.

Mattermost fails to sanitize post metadata during audit logging, resulting in permalinks' contents being logged.

Mattermost fails to check if the requesting user is a guest before performing different actions to public playbooks, resulting a guest being able to view, join, edit, export and archive public playbooks.

Mattermost fails to properly validate the requesting user permissions when updating a system admin, allowing a user manager to update a system admin's details such as email, first name and last name.