GHSA-wphj-fx3q-84ch: systeminformation has a Command Injection vulnerability in fsSize() function on Windows

GHSA-3f5f-xgrj-97pf: Parse Server is vulnerable to Server-Side Request Forgery (SSRF) via Instagram OAuth Adapter

GHSA-cfpf-hrx2-8rv6: Expr has Denial of Service via Unbounded Recursion in Builtin Functions

GHSA-g239-q96q-x4qm: @vitejs/plugin-rsc has an Arbitrary File Read via `/__vite_rsc_findSourceMapURL` Endpoint

GHSA-c623-f998-8hhv: SIPGO is Vulnerable to Response DoS via Nil Pointer Dereference

In Jellyfin before 10.8, the /users endpoint has incorrect access control for admin functionality. This lack of access control can be leveraged to performe a cross site scripting attack.

**Incorrect Access Control and Cross Site Scripting in Jellyfin**

High severity GitHub Reviewed Published Aug 20, 2022 • Updated Aug 30, 2022

Headline

GHSA-qwp3-5fw3-5wgv: Incorrect Access Control and Cross Site Scripting in Jellyfin

ghsa: Latest News