Security Headlines: Latest CVEs

Source: ghsa
GHSA-pg98-6v7f-2xfv: sweetalert2 v9.17.4 and above contains hidden functionality

`sweetalert2` versions 9.17.4 and above, up to but not including 10.0.0, contain hidden functionality introduced by the maintainer: the package plays audio and/or video messages that have nothing to do with its purpose. This behaviour is not present in versions 9.0.0 through 9.17.3.

### Workaround

Pin to a version in the range 9.0.0 - 9.17.3 until the maintainer releases a fix.

GHSA-457r-cqc8-9vj9: sweetalert2 v10.16.10 and above contains hidden functionality

`sweetalert2` versions 10.16.10 and above, up to but not including 11.0.0, contain hidden functionality introduced by the maintainer: the package plays audio and/or video messages that have nothing to do with its purpose. This behaviour is not present in versions 10.0.0 through 10.16.9.

### Workaround

Pin to a version in the range 10.0.0 - 10.16.9 until the maintainer releases a fix.

GHSA-8v23-w4w5-w83c: Cross-Site Request Forgery in Moodle

A vulnerability was found in Moodle caused by insufficient validation of the HTTP request origin in a course redirect URL: a user's CSRF token was unnecessarily included in the URL when the user was redirected to a course they had just restored. A remote attacker who tricks the victim into visiting a specially crafted web page can then perform arbitrary actions on the vulnerable site on the victim's behalf, i.e. a cross-site request forgery. Tokens placed in URLs are exposed through browser history, Referer headers and server logs, which is why anti-CSRF tokens belong in request bodies or headers rather than query strings.

GHSA-qq6h-5g6j-q3cm: sweetalert2 v11.4.9 and above contains hidden functionality

`sweetalert2` versions 11.4.9 and above contain hidden functionality introduced by the maintainer: the package plays audio and/or video messages that have nothing to do with its purpose. This behaviour is not present in versions 11.0.0 through 11.4.8.

### Workaround

Pin to a version in the range 11.0.0 - 11.4.8 until the maintainer releases a fix.
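The three sweetalert2 advisories above each describe an affected semver range and a safe range to pin to. The following is an added example, not code from the advisories or from the sweetalert2 project: a small Node script that walks a `package-lock.json` (lockfile version 2/3 `packages` map or the older `dependencies` tree), finds every installed copy of `sweetalert2` including nested ones, and reports which advisory range, if any, each copy falls in. The ranges are taken from the advisory texts; the sample lockfile and the file name are constructed for the example.

```javascript
// Added example (not from the advisories or the sweetalert2 project): check whether
// every sweetalert2 copy recorded in a lockfile falls in one of the affected ranges from
// GHSA-pg98-6v7f-2xfv, GHSA-457r-cqc8-9vj9 and GHSA-qq6h-5g6j-q3cm.
// Run with: node check-sweetalert2.js [path/to/package-lock.json]

// Affected ranges as stated in the advisories; max === null means "no upper bound".
// safePin is the top of the range the advisory's workaround says to use instead.
const ADVISORIES = [
  { id: "GHSA-pg98-6v7f-2xfv", min: "9.17.4",   max: "10.0.0", safePin: "9.17.3" },
  { id: "GHSA-457r-cqc8-9vj9", min: "10.16.10", max: "11.0.0", safePin: "10.16.9" },
  { id: "GHSA-qq6h-5g6j-q3cm", min: "11.4.9",   max: null,     safePin: "11.4.8" },
];

// Parse "MAJOR.MINOR.PATCH[-prerelease][+build]" into comparable parts.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/.exec(String(v).trim());
  if (!m) throw new Error(`not a semver version: ${v}`);
  return { core: [Number(m[1]), Number(m[2]), Number(m[3])], pre: m[4] || null };
}

// Returns <0, 0 or >0. A prerelease sorts below the same core version
// (10.0.0-beta.1 < 10.0.0), as semver precedence requires.
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa.core[i] !== pb.core[i]) return pa.core[i] - pb.core[i];
  }
  if (pa.pre === pb.pre) return 0;
  if (pa.pre === null) return 1;
  if (pb.pre === null) return -1;
  return pa.pre < pb.pre ? -1 : 1; // plain string order is sufficient for this check
}

// Returns the matching advisory object, or null if the version is outside all affected ranges.
function findAdvisory(version) {
  for (const adv of ADVISORIES) {
    const atLeastMin = compareVersions(version, adv.min) >= 0;
    const belowMax = adv.max === null || compareVersions(version, adv.max) < 0;
    if (atLeastMin && belowMax) return adv;
  }
  return null;
}

// Collect every resolved version of `name` from a parsed package-lock.json,
// covering both the lockfileVersion 2/3 "packages" map and the v1 "dependencies" tree.
function collectInstalledVersions(lock, name = "sweetalert2") {
  const found = new Set();
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path.endsWith(`node_modules/${name}`) && entry.version) found.add(entry.version);
  }
  const walk = (deps) => {
    for (const [dep, entry] of Object.entries(deps || {})) {
      if (dep === name && entry.version) found.add(entry.version);
      walk(entry.dependencies);
    }
  };
  walk(lock.dependencies);
  return [...found];
}

// One report row per installed copy: { version, advisory: id or null, safePin: version or null }.
function audit(lock) {
  return collectInstalledVersions(lock).map((version) => {
    const adv = findAdvisory(version);
    return { version, advisory: adv ? adv.id : null, safePin: adv ? adv.safePin : null };
  });
}

// Constructed sample lockfile (not from any real project): one hoisted copy in an
// affected range and one nested copy that is on the safe side of its range boundary.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "node_modules/sweetalert2": { version: "11.7.1" },
    "node_modules/some-ui-kit/node_modules/sweetalert2": { version: "9.17.3" },
  },
};

if (typeof require !== "undefined" && require.main === module) {
  const fs = require("fs");
  const lock = process.argv[2] ? JSON.parse(fs.readFileSync(process.argv[2], "utf8")) : SAMPLE_LOCK;
  for (const r of audit(lock)) {
    console.log(r.advisory
      ? `sweetalert2@${r.version}: affected (${r.advisory}); pin to ${r.safePin}`
      : `sweetalert2@${r.version}: not in an affected range`);
  }
}
```

Nested copies matter here: a transitive dependency can pull in its own `sweetalert2` that `npm ls` at the top level does not surface, and a pin in your own `package.json` does not constrain it. For those, an `overrides` entry in `package.json` (or the `resolutions` equivalent in Yarn) is the way to force the safe version across the whole tree.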

GHSA-v42f-hq78-8c5m: Denial of service in Mattermost

A denial-of-service vulnerability in Mattermost allows an authenticated user to crash the server by sending multiple requests to an API endpoint that can fetch a large amount of data.

GHSA-wqg7-mx6p-2rw3: Command injection in Apache DolphinScheduler Alert Plugins

The alert-instance management feature in Apache DolphinScheduler Alert Plugins is vulnerable to command injection when a specific command is configured. Exploitation requires a logged-in user. Upgrade to version 2.0.6 or later.

GHSA-5jph-wrq7-v9hf: Denial of service in Mattermost

A denial-of-service vulnerability in Mattermost allows an authenticated user to crash the server via multiple large autoresponder messages.

GHSA-58rj-w2qf-qjg7: Cross-site Scripting in Backdrop CMS

Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Page content.

GHSA-g56w-cwg4-hxx9: Code injection in quarkus dev ui config editor

A vulnerability was found in Quarkus. The Dev UI Config Editor is vulnerable to drive-by localhost attacks: a malicious web page visited in a developer's browser can make that browser send requests to the Dev UI running on localhost, leading to remote code execution on the developer's machine.
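A drive-by localhost attack works because the developer's browser will happily send a request to `http://localhost:<port>/` on behalf of any page that asks it to. The defence on the server side is to refuse requests the browser marks as coming from somewhere else. The following is an added example and not Quarkus code: a minimal Node HTTP handler for a localhost-only developer endpoint that rejects state-changing requests whose `Host`, `Origin` or `Sec-Fetch-Site` headers do not match the tool's own origin. The port and the allowed-origin list are assumptions for the example.

```javascript
// Added example (not Quarkus code): guarding a localhost developer endpoint against
// drive-by requests. A page on an attacker's site can make the developer's browser
// POST to http://localhost:8080/, but the browser labels such requests with an
// Origin header and Sec-Fetch-Site: cross-site, so the server can refuse them.
// Run stand-alone with: node dev-guard.js --serve

const PORT = 8080; // assumption: the dev tool's own port
const SELF_ORIGINS = new Set([`http://localhost:${PORT}`, `http://127.0.0.1:${PORT}`]);

// Decide whether a state-changing request may be honoured.
// Returns { ok: true } or { ok: false, reason }.
function isAllowedRequest(headers) {
  const host = headers.host || "";
  // Binding to 127.0.0.1 is not enough: with DNS rebinding the attacker's hostname
  // resolves to 127.0.0.1, the request looks same-origin to the browser, and only the
  // Host header gives it away. So Host must be one of our own origins.
  if (!SELF_ORIGINS.has(`http://${host}`)) {
    return { ok: false, reason: `unexpected Host: ${host || "(none)"}` };
  }
  // Fetch metadata: browsers label the initiator's relation to the target.
  const site = headers["sec-fetch-site"];
  if (site && site !== "same-origin" && site !== "none") {
    return { ok: false, reason: `cross-site request (Sec-Fetch-Site: ${site})` };
  }
  // Origin: browsers attach it to cross-origin requests and to all non-GET requests.
  const origin = headers.origin;
  if (origin !== undefined && !SELF_ORIGINS.has(origin)) {
    return { ok: false, reason: `foreign Origin: ${origin}` };
  }
  // No Origin and no Sec-Fetch-Site means a non-browser client such as curl,
  // which a drive-by page cannot drive; it is allowed through.
  return { ok: true };
}

// Only mutating verbs are checked, so the endpoint must never change state on GET:
// an <img src="http://localhost:8080/...?set=..."> on the attacker's page sends a
// cross-site GET with no Origin header at all.
function requestHandler(req, res) {
  const mutating = req.method !== "GET" && req.method !== "HEAD";
  const verdict = mutating ? isAllowedRequest(req.headers) : { ok: true };
  if (!verdict.ok) {
    res.writeHead(403, { "content-type": "text/plain" });
    res.end(`forbidden: ${verdict.reason}\n`);
    return;
  }
  res.writeHead(200, { "content-type": "text/plain" });
  res.end(mutating ? "config updated\n" : "dev ui\n"); // placeholder for the real action
}

if (typeof process !== "undefined" && process.argv.includes("--serve")) {
  const http = require("http");
  http.createServer(requestHandler).listen(PORT, "127.0.0.1", () => {
    console.log(`listening on http://127.0.0.1:${PORT} (loopback only)`);
  });
}
```

The `Host` check is the part most often forgotten. Origin and fetch-metadata checks stop the ordinary cross-site case, but a DNS-rebinding page reaches the same loopback server through a hostname the attacker controls, and from the browser's point of view those requests are same-origin. Requiring authentication for the dev endpoint, as the Quarkus fix direction implies for any tool that can execute code, closes the remaining gap for non-browser clients.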

GHSA-g9cp-9fw3-56cf: Cross-site Scripting in Backdrop CMS

Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via Comments.