ghsa

The package metacalc before 0.0.2 are vulnerable to Arbitrary Code Execution when it exposes JavaScript's Math class to the v8 context. As the Math class is exposed to user-land, it can be used to get access to JavaScript's Function constructor.

Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.

Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0.

Dolibarr 12.0.5 is vulnerable to Cross Site Scripting (XSS) via Sql Error Page.

### Impact The malicious user is able to craft HTTP requests to access unauthorized Git directories. All installations with are affected. ### Patches Path cleaning has accommodated for Git HTTP endpoints. Users should upgrade to 0.12.9 or the latest 0.13.0+dev. ### Workarounds N/A ### References https://huntr.dev/bounties/22f9c074-cf60-4c67-b5c4-72fdf312609d/ ### For more information If you have any questions or comments about this advisory, please post on #7002.

### Impact The malicious user is able to update a crafted `config` file into repository's `.git` directory in combination with crafted file deletion to gain SSH access to the server. All installations with [repository upload enabled (default)](https://github.com/gogs/gogs/blob/f36eeedbf89328ee70cc3a2e239f6314f9021f58/conf/app.ini#L127-L129) are affected. ### Patches File deletions are prohibited to repository's `.git` directory. Users should upgrade to 0.12.9 or the latest 0.13.0+dev. ### Workarounds N/A ### References https://huntr.dev/bounties/776e8f29-ff5e-4501-bb9f-0bd335007930/ ### For more information If you have any questions or comments about this advisory, please post on #7000.

Affected versions of this crate use orderings which are too weak to support this data structure. It is likely this has caused memory corruption in the wild: <https://github.com/crossbeam-rs/crossbeam/issues/97#issuecomment-412785919>.

### Impact `DisplayName` allows all the characters from users, which leads to an XSS vulnerability when directly displayed in the issue list. ### Patches `DisplayName` is sanitized before being displayed. Users should upgrade to 0.12.9 or the latest 0.13.0+dev. ### Workarounds Check and update the existing users' display names that contain malicious characters. ### References N/A ### For more information If you have any questions or comments about this advisory, please post on https://github.com/gogs/gogs/pull/7009.

### Impact The malicious user is able to delete and upload arbitrary file(s). All installations on Windows with [repository upload enabled (default)](https://github.com/gogs/gogs/blob/f36eeedbf89328ee70cc3a2e239f6314f9021f58/conf/app.ini#L127-L129) are affected. ### Patches Path cleaning has accommodated for Windows. Users should upgrade to 0.12.9 or the latest 0.13.0+dev. ### Workarounds N/A ### References https://huntr.dev/bounties/2e8cdc57-a9cf-46ae-9088-87f09e6c90ab/ ### For more information If you have any questions or comments about this advisory, please post on #7001.

Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution (RCE) via an unserialized pop chain in __destruct in Illuminate\Broadcasting\PendingBroadcast.php and __call in Faker\Generator.php.