Source
ghsa
### Impact
A layout block was able to bypass the block blacklist to execute remote code.
### Impact
Versions 1.5.0 and 1.6.0, when using the new `debug-host` feature, could expose unnecessary information about the host.
### Patches
Use 1.6.1 or newer.
### Workarounds
Downgrade to 1.4.0 or set `debug-host` to empty.
### References
https://github.com/fortio/proxy/pull/38
Q&A: https://github.com/fortio/proxy/discussions
### Impact
Infinite loop in the malicious code filter under certain conditions.
### Workarounds
None
### Impact
Magento admin users with access to the customer media could execute code on the server.
### Impact
Custom Layout enabled admin users to execute arbitrary commands via block methods.
Cross-site Scripting (XSS) - Stored in GitHub repository modoboa/modoboa prior to 2.0.4.
Cross-site Scripting (XSS) - Stored in GitHub repository pyload/pyload prior to 0.5.0b3.dev42.
Improper Certificate Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev44.
The flash_tool Gem for Ruby contains a flaw that is triggered while handling downloaded files whose names contain shell metacharacters. With a specially crafted file, a context-dependent attacker can execute arbitrary commands.