Carbon Forum version 5.9.0 suffers from a persistent cross site scripting vulnerability.

    # Exploit Title: Persistent XSS in Carbon Forum 5.9.0 (Stored)# Date: 06/12/2024# Exploit Author: Chokri Hammedi# Vendor Homepage: https://www.94cb.com/# Software Link: https://github.com/lincanbin/Carbon-Forum# Version: 5.9.0# Tested on: Windows XP# CVE: N/A## Vulnerability DetailsA persistent (stored) XSS vulnerability was discovered in Carbon Forumversion 5.9.0. The vulnerability allows an attacker to inject maliciousJavaScript code into the Forum Name field under the admin settings. Thispayload is stored on the server and executed in the browser of any user whovisits the forum, leading to potential session hijacking, data theft, andother malicious activities.## Steps to Reproduce1. Login as Admin: Access the Carbon Forum with admin privileges.2. Navigate to Settings: Go to the '/dashboard' and select the Basicsection.3. Enter Payload : Input the following payload in the Forum Name field:    <script>alert('XSS');</script>4. Save Settings: Save the changes.5. The xss payload will triggers

Carbon Forum 5.9.0 Cross Site Scripting

Ubuntu Security Notice 6826-1 - Karl von Randow discovered that mod_jk was vulnerable to an authentication bypass. If the configuration did not provide explicit mounts for all possible proxied requests, an attacker could possibly use this vulnerability to bypass security constraints configured in httpd.

==========================================================================  
Ubuntu Security Notice USN-6826-1  
June 11, 2024

libapache-mod-jk vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS  
- Ubuntu 16.04 LTS

Summary:

mod_jk could allow unintended access to network services.

Software Description:  
- libapache-mod-jk: Apache 2 connector for the Tomcat Java servlet engine

Details:

Karl von Randow discovered that mod_jk was vulnerable to an authentication  
bypass. If the configuration did not provide explicit mounts for all  
possible proxied requests, an attacker could possibly use this  
vulnerability to bypass security constraints configured in httpd.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.10  
   libapache2-mod-jk               1:1.2.48-2ubuntu0.1

Ubuntu 22.04 LTS  
   libapache2-mod-jk               1:1.2.48-1ubuntu0.1

Ubuntu 20.04 LTS  
   libapache2-mod-jk               1:1.2.46-1ubuntu0.1

Ubuntu 18.04 LTS  
   libapache2-mod-jk               1:1.2.43-1ubuntu0.1~esm1  
                                   Available with Ubuntu Pro

Ubuntu 16.04 LTS  
   libapache2-mod-jk               1:1.2.41-1ubuntu0.1~esm1  
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6826-1  
   CVE-2023-41081

Package Information:  
https://launchpad.net/ubuntu/+source/libapache-mod-jk/1:1.2.48-2ubuntu0.1  
https://launchpad.net/ubuntu/+source/libapache-mod-jk/1:1.2.48-1ubuntu0.1  
https://launchpad.net/ubuntu/+source/libapache-mod-jk/1:1.2.46-1ubuntu0.1

Ubuntu Security Notice USN-6826-1

XMB version 1.9.12.06 suffers from a persistent cross site scripting vulnerability.

    # Exploit Title: Persistent XSS in XMB 1.9.12.06# Date: 06/12/2024# Exploit Author: Chokri Hammedi# Vendor Homepage: https://www.xmbforum2.com/# Software Link: https://www.xmbforum2.com/download/XMB-1.9.12.06.zip# Version: 1.9.12.06# Tested on: Windows XP# CVE: N/A## Vulnerability DetailsA persistent (stored) XSS vulnerability was discovered in XMB 1.9.12.06.The vulnerability allows an attacker to inject malicious JavaScript codeinto a template or specific fields. This payload is stored on the serverand executed in the browser of any user who visits the forum, leading topotential session hijacking, data theft, and other malicious activities.### XSS in TemplateAn attacker can inject malicious JavaScript code into a template:1. Login as Admin: Access the XMB Forum with admin privileges.2. Navigate to the Administration Panel: Go to `/cp.php`, then in "Look &Feel" select "Templates". This will go to `/cp2.php?action=templates`.Select the "footer" template and click edit.3. Enter Payload: Add the XSS payload in the footer template:    <script>alert('XSS');</script>4. Save the Change: Click "Submit Changes".5. Trigger the Payload: The XSS payload will trigger anywhere the footertemplate is rendered.### XSS in News TickerAn attacker can inject malicious JavaScript code into the News Ticker fieldof the Front Page Options:1. Login as Admin: Access the XMB Forum with admin privileges.2. Navigate to the Administration Panel: Go to `/cp.php`, then in"Settings" go to "Front Page Options".3. Enter Payload: Add the XSS payload in the "News in Newsticker" field:   <img src=x onerror=alert(1)>4. Save the Change: Click "Submit Changes".5. Trigger the Payload: The XSS payload will trigger anywhere the NewsTicker is displayed eg, home page

XMB 1.9.12.06 Cross Site Scripting

CVE-2024-30080 is the only critical issue in Microsoft's June 2024 Patch Tuesday update, but many others require prompt attention as well.

Source: SuPatMaN via Shutterstock

Microsoft has issued fixes for a total of 49 vulnerabilities in its Patch Tuesday security update for June, including a critical bug in Microsoft Message Queuing (MSMQ) technology that could open vast swathes of companies to remote code execution (RCE) and server takeover.

The issue (CVE-2024-30080, CVSS score of 9.8 out of 10) is remotely exploitable, with low attack complexity, requires no privileges, and takes no user interaction; and it carries high impacts on confidentiality, integrity, and availability, according to Microsoft. Attackers can use it to completely take over an affected server by sending a specially crafted malicious MSMQ packet. To check vulnerability, confirm users should whether the 'Message Queuing' service is running and if TCP port 1801 is open on the system. The bug affects all versions of Windows starting from Windows Server 2008 and Windows 10.

Its impact could be felt in the threat landscape sooner rather than later, so patching quickly is a must: "A couple of quick Shodan searches reveal over a million hosts running with port 1801 open and over 3500 results for 'msmq'," said Tyler Reguly, associate director security R&D at Fortra, in an emailed statement. "Given this is a remote code execution, I would expect to see this vulnerability included in exploit frameworks in the near future."

This is the only bug that Microsoft has rated as critical this month, but there are several others in the update that merit prompt attention as well, according to security analysts.

**High-Priority Microsoft Bugs for June 2024**

Among the high-priority bugs to put at the top of the patching list are: CVE-2024-30103, a remote code execution (RCE) vulnerability in Microsoft Outlook in which the Preview Pane is an attack vector; CVE-2024-30089, a vulnerability in Microsoft Streaming Services that gives attackers a way to gain system level access; CVE-2024-30085, a privilege escalation bug in Windows Cloud Files Mini Filter Driver that Microsoft has identified as more likely to be exploited; and CVE-2024-30099, an elevation-of-privilege (EoP) vulnerability in Windows Kernel Driver that attackers can abuse to take over an affected system.

In all, Microsoft categorized 11 of the 49 vulnerabilities in this month's update as flaws that threat actors were more likely to exploit because of factors like low attack complexity and the fact that adversaries need no special privileges or user interaction to take advantage of them.

**RCE Bugs to Prioritize**

This month's collection of noteworthy RCE bugs include CVE-2024-30101, a use-after-free bug in Microsoft Office that requires active user interaction for an attack to succeed; CVE-2024-30104 in Microsoft Office; and the previously mentioned CVE-2024-30103 in Microsoft Outlook, which an attacker can trigger via the Preview Pane in an email.

The latter is potentially especially dangerous because an attacker can use it to bypass Outlook registry block lists and enable the creation of malicious DLL files.

"This Microsoft Outlook vulnerability can be circulated from user to user, and doesn't require a click to execute," Morphisec researchers said in a blog. "Rather, execution initiates when an affected email is opened. This is notably dangerous for accounts using Microsoft Outlook’s auto-open email feature."

Microsoft itself has assessed the flaw as something that attackers are less likely to exploit.

**High Number of Elevation-of-Privilege Bugs**

Somewhat unusually, there were more EoP flaws this time around than there were RCE bugs, accounting for nearly half of the CVEs patched.

Satnam Narang, senior staff research engineer at Tenable, pointed to CVE-2024-30089, the bug in Microsoft Streaming Services, as one of the privilege escalation flaws that organizations need to prioritize the most.

"These types of flaws are notoriously useful for cybercriminals seeking to elevate privileges on a compromised system," Narang said. "When exploited in the wild as a zero-day, they are typically associated with more advanced persistent threat (APT) actors or as part of targeted attacks."

CVE-2024-30089 is one of two EoP vulnerabilities in Streaming Service that Microsoft disclosed this month. The other is CVE-2024-30090, which also gives attackers a way to gain system-level privileges but is harder to exploit.

In prepared comments, Kev Breen, senior director threat research at Immersive Lab, identified CVE-2024-30085 as another EoP flaw that will likely draw attacker interest. The bug in Windows Cloud Mini Files Driver allows for system level privileges on a local machine.

"This type of privilege-escalation step is frequently seen by threat actors in network compromises, as it can enable the attacker to disable security tools or run credential dumping tools like Mimikatz," for lateral movement and further compromise, he said. Microsoft's description of the flaw suggests it is identical to CVE-2023-36036, a zero-day bug in Cloud Files Mini Filter that attackers actively exploited last year, Breen said.

CVE-2024-30099 is another EoP vulnerability that Microsoft has listed in its more category of more exploitable bugs. What makes the bug especially noteworthy is that it exists in the NT OS kernel. The vulnerability allows an attacker that can trigger — and win — a race condition within the kernel to take over an affected system. However, the Windows Message Queuing Service must be enabled for an attacker to be successful.

"This vulnerability should be on everyone's patch list due to it being so central to the operating system," said Ben McCarthy, lead cyber security engineer at Immersive Labs, in emailed comments.

There are several other kernel-related EoP vulnerabilities that organizations would do well to prioritize, McCarthy noted. These include CVE-2024-35250, CVE-2024-30084, CVE-2024-30064, CVE-2024-30068, and CVE-2024-35250.

"These sorts of vulnerabilities are often what attackers will try to weaponize after the patch day," he said. "So, it is always wise to patch kernel-related vulnerabilities because successful exploitation of these vulnerabilities mean they get complete access to a computer's resources and run as SYSTEM privileges."

**About the Author(s)**

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

Critical MSMQ RCE Bug Opens Microsoft Servers to Complete Takeover

Microsoft today released updates to fix more than 50 security vulnerabilities in Windows and related software, a relatively light Patch Tuesday this month for Windows administrators. The software giant also responded to a torrent of negative feedback on a new feature of Redmond's flagship operating system that constantly takes screenshots of whatever users are doing on their computers, saying the feature would no longer be enabled by default.

**Microsoft** today released updates to fix more than 50 security vulnerabilities in **Windows** and related software, a relatively light Patch Tuesday this month for Windows users. The software giant also responded to a torrent of negative feedback on a new feature of Redmond’s flagship operating system that constantly takes screenshots of whatever users are doing on their computers, saying the feature would no longer be enabled by default.

Last month, Microsoft debuted **Copilot+ PCs**, an AI-enabled version of Windows. Copilot+ ships with a feature nobody asked for that Redmond has aptly dubbed **Recall**, which constantly takes screenshots of what the user is doing on their PC. Security experts roundly trashed Recall as a fancy keylogger, noting that it would be a gold mine of information for attackers if the user’s PC was compromised with malware.

Microsoft countered that Recall snapshots never leave the user’s system, and that even if attackers managed to hack a Copilot+ PC they would not be able to exfiltrate on-device Recall data. But that claim rang hollow after former Microsoft threat analyst **Kevin Beaumont** detailed on his blog how any user on the system (even a non-administrator) can export Recall data, which is just stored in an SQLite database locally.

“I’m not being hyperbolic when I say this is the dumbest cybersecurity move in a decade,” Beaumont said on Mastodon.

In a recent Risky Business podcast, host **Patrick Gray** noted that the screenshots created and indexed by Recall would be a boon to any attacker who suddenly finds himself in an unfamiliar environment.

“The first thing you want to do when you get on a machine if you’re up to no good is to figure out how someone did their job,” Gray said. “We saw that in the case of the SWIFT attacks against central banks years ago. Attackers had to do screen recordings to figure out how transfers work. And this could speed up that sort of discovery process.”

Responding to the withering criticism of Recall, Microsoft said last week that it will no longer be enabled by default on Copilot+ PCs.

Only one of the patches released today — CVE-2004-30080 — earned Microsoft’s most urgent “critical” rating, meaning malware or malcontents could exploit the vulnerability to remotely seize control over a user’s system, without any user interaction.

CVE-2024-30080 is a flaw in the **Microsoft Message Queuing** (MSMQ) service that can allow attackers to execute code of their choosing. Microsoft says exploitation of this weakness is likely, enough to encourage users to disable the vulnerable component if updating isn’t possible in the short run. CVE-2024-30080 has been assigned a CVSS vulnerability score of 9.8 (10 is the worst).

**Kevin Breen**, senior director of threat research at **Immersive Labs**, said a saving grace is that MSMQ is not a default service on Windows.

“A Shodan search for MSMQ reveals there are a few thousand potentially internet-facing MSSQ servers that could be vulnerable to zero-day attacks if not patched quickly,” Breen said.

CVE-2024-30078 is a remote code execution weakness in the **Windows WiFi Driver**, which also has a CVSS score of 9.8. According to Microsoft, an unauthenticated attacker could exploit this bug by sending a malicious data packet to anyone else on the same network — meaning this flaw assumes the attacker has access to the local network.

Microsoft also fixed a number of serious security issues with its **Office** applications, including at least two remote-code execution flaws, said **Adam Barnett**, lead software engineer at **Rapid7**.

“CVE-2024-30101 is a vulnerability in **Outlook**; although the Preview Pane is a vector, the user must subsequently perform unspecified specific actions to trigger the vulnerability and the attacker must win a race condition,” Barnett said. “CVE-2024-30104 does not have the Preview Pane as a vector, but nevertheless ends up with a slightly higher CVSS base score of 7.8, since exploitation relies solely on the user opening a malicious file.”

Separately, Adobe released security updates for **Acrobat**, **ColdFusion**, and **Photoshop**, among others.

As usual, the SANS Internet Storm Center has the skinny on the individual patches released today, indexed by severity, exploitability and urgency. Windows admins should also keep an eye on AskWoody.com, which often publishes early reports of any Windows patches gone awry.

Patch Tuesday, June 2024 “Recall” Edition

Lacework has been looking for a buyer for some time. The deal gives Fortinet a boost in the cloud security space.

Fortinet announced Monday its plans to acquire cloud security firm Lacework to enhance its secure access service edge (SASE) offerings with cloud-native security services.

Lacework integrates cloud-native application protection platform services to safeguard what's happening inside the cloud infrastructure. The data-powered cloud security platform collects and analyzes data from across cloud environments so that customers can manage and secure their cloud workflows. The platform identifies and shares details about abnormal or unexpected activities that could indicate a security problem. Lacework offers artificial intelligence and machine-learning technology, data collection capabilities, a data lake, and code security tools, wrote John Maddison, chief marketing officer at Fortinet, in a blog post announcing the acquisition.

Fortinet plans to integrate capabilities from Lacework's cloud-native application protection platform into its SASE portfolio. According to Maddison, combining Lacework with Fortinet's firewall and Web application and API protection (WAAP) capabilities will allow customers to protect what's happening inside the cloud application, as well as what's happening between the application and outside the network.

Back in 2021, Lacework was valued at $8.3 billion. Earlier this year, there were reports that Wiz was in talks with Lacework for a small fraction of the company's valuation. The terms of Fortinet's deal, expected to be completed in the second half of the year, were not disclosed.

**About the Author(s)**

Fortinet Plans to Acquire Lacework

PRESS RELEASE

TEL AVIV, Israel, June 06, 2024 (GLOBE NEWSWIRE) -- Backslash Security, today unveiled expansive new platform capabilities. With a broad roster of new on-premises integrations, security team workflow integrations and automation features, CI/CD integrations, and bolstered language support, Backslash now serves the full software development lifecycle and further supports the application security needs of large enterprises.

“There are two core elements that make AppSec teams successful – one is cutting through the noise to prioritize truly reachable and exploitable vulnerabilities; the other is building confidence with our developers to trust that the risks we flag are real, and worth their effort to investigate and fix,” said Shane Garoutte, Head of Security & Compliance at Capital Rx. “Backslash’s focus on reachability analysis enables us to achieve both, and with the platform’s expanded capabilities, we can also work seamlessly with DevOps to integrate security throughout the software development lifecycle.”

Backslash combines SCA, SAST, SBOM, VEX, and secrets detection to replace outdated legacy SAST and SCA tools with a single, enterprise-ready platform that uncovers the most critical risks through reachability analysis. Newly released enhancements to the Backslash platform include:

Extended support for large enterprise use cases: 

*   Integrations with Github Enterprise On-Premise, Github Enterprise Server, Gitlab On-Premise and Bitbucket On-Premise enable seamless connection to enterprise on-premises codebases.
    
*   Extended language support adds C, C++, Ruby, Rust and Scala to Backslash’s existing language portfolio to serve diverse technology stacks and secure the entire codebase, including third party libraries and dependencies.
    
*   Role-based access controls enable enterprises to easily manage access to the Backslash platform for large and varied user bases across the organization.
    

Security team workflow enhancements: New automation policies and actions features enable Backslash users to specify security workflows and automatically create tickets and notifications with the following collaboration platforms: Jira, Monday.com, ServiceNow, Slack and Microsoft Teams.

CI/CD integrations for DevSecOps support: Integrations with Gitlab Pipelines, Github Actions and Azure Pipelines enable DevOps teams to implement DevSecOps processes and prevent new issues from being introduced in the pull request and CI/CD stages.

Reachability analysis enhancements:

*   Phantom packages are packages not defined or controlled by the app developer but introduced by a transitive one, escaping the developer's control and potentially introducing vulnerable versions into the application. Backslash detects these phantom packages in OSS code, even if they are not declared in manifest files.
    
*   Backslash Security’s reachability analysis identifies vulnerable transitive packages, helping developers understand which vulnerabilities are actually in use and therefore exploitable within their codebase, allowing them to prioritize what to fix.
    
*   New UI features bolster reachability evidence by showing code references for each reachable path.
    

"Backslash enables enterprises to prioritize truly critical code risks and facilitate trust among the many teams and stakeholders within the software development lifecycle," said Yossi Pik, co-founder and CTO of Backslash Security. "These latest enhancements automate key AppSec tasks, ensure issues are handled according to the correct priorities, and integrate smoothly into organizational workflows, all while strengthening our reachability analysis to provide enterprise security teams with incomparable results."

Start a free trial with full access to the Backslash platform via a pre-configured demo environment that includes SAST, SCA, phantom packages, VEX, SBOM, secrets, and more, now available at backslash.security/trial.

About Backslash  
Backslash's fusion of SAST and SCA empowers enterprise AppSec teams to focus on fixing only the reachable, exploitable code vulnerabilities. By identifying authentic attack paths pointed at reachable code, Backslash empowers security teams to focus on rectifying only the code and open-source software (OSS) components that are actively in use and accessible to potential attackers. Thanks to this precision, Backslash enables teams to fix only the vulnerable code and OSS that indeed needs addressing – the reachable, exploitable components.

Backed by StageOne Ventures, First Rays Venture Partners, D. E. Shaw & Co., and a roster of security veterans as angel investors, Backslash has been deployed across leading technology organizations and Fortune 100 companies. Learn more at https://www.backslash.security/.

Backslash Unveils Enterprise-Grade Capabilities to its Reachability-Based AppSec Platform

The two jurisdictions will work together to investigate the credential-stuffing attack that put the personal data of millions at risk.

Source: michelmond via Alamy Stock Photo

Authorities in Canada and the UK have launched a joint investigation into a 23andMe data breach that occurred last October. 

That's when a threat actor posted on the Dark Web claiming possession of 23andMe profile information, ultimately releasing roughly 4 million company records. 23andMe launched an investigation, discovering that the breach was a credential-stuffing attack that affected around 7 million people.

The discovery of the attack led the company to blame the victims of the breach, saying they were negligent in reusing their passwords that had previously been exposed in past data breaches.

The joint investigation now seeks to protect the "fundamental right to privacy of individuals across jurisdictions," as 23andMe is considered to be "a custodian of highly sensitive personal information" such as genetic history, health, ethnic background, and biological relationships. 

The countries will investigate the scope of the breached information, whether 23andMe had safeguards in place to protect that sensitive information, and whether the notifications the company provided to the regulators was adequate.

"People need to trust that any organization handling their most sensitive personal information has the appropriate security and safeguards in place," said UK Information Commissioner John Edwards. "This data breach had an international impact, and we look forward to collaborating with our Canadian counterparts to ensure the personal information of people in the UK is protected.”

Edwards and Canadian Privacy Commissioner Philippe Dufresne will be jointly investigating the breach.

Canada &amp; UK Partner in Joint 23andMe Data Breach Investigation

Users with low privileges (just plain users in the realm) are able to utilize administrative functionalities within Keycloak admin interface. This issue presents a significant security risk as it allows unauthorized users to perform actions reserved for administrators, potentially leading to data breaches or system compromise.

**Acknowledgements:**
Special thanks to Maurizio Agazzini for reporting this issue and helping us improve our project.

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2024-3656

**Keycloak's admin API allows low privilege users to use administrative functions**

High severity GitHub Reviewed Published Jun 11, 2024 in keycloak/keycloak • Updated Jun 11, 2024

**Package**

maven org.keycloak:keycloak-services (Maven)

**Affected versions**

< 24.0.5

Users with low privileges (just plain users in the realm) are able to utilize administrative functionalities within Keycloak admin interface. This issue presents a significant security risk as it allows unauthorized users to perform actions reserved for administrators, potentially leading to data breaches or system compromise.

**Acknowledgements:**  
Special thanks to Maurizio Agazzini for reporting this issue and helping us improve our project.

**References**

*   GHSA-2cww-fgmg-4jqc
*   keycloak/keycloak@d9f0c84

Published to the GitHub Advisory Database

Jun 11, 2024

Last updated

Jun 11, 2024

GHSA-2cww-fgmg-4jqc: Keycloak's admin API allows low privilege users to use administrative functions

Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability

Skip to content

**Navigation Menu**

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   GitHub Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   *   Enterprise platform
        
        AI-powered developer platform
        
    
*   Pricing

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2024-35255

**Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability**

Moderate severity GitHub Reviewed Published Jun 11, 2024 to the GitHub Advisory Database • Updated Jun 11, 2024

**Package**

npm @azure/identity (npm)

**Affected versions**

< 4.2.1

npm @azure/msal-node (npm)

nuget Azure.Identity (NuGet)

nuget Microsoft.Identity.Client (NuGet)

maven com.azure:azure-identity (Maven)

maven com.microsoft.azure:msal4j (Maven)

gomod github.com/Azure/azure-sdk-for-go/sdk/azidentity (Go)

**Description**

Published to the GitHub Advisory Database

Jun 11, 2024

Last updated

Jun 11, 2024

Tag

#auth