GHSA-6qhv-4h7r-2g9m: rfc3161-client has insufficient verification for timestamp response signatures

GHSA-g3qg-6746-3mg9: zkVM Underconstrained Vulnerability

GHSA-93c7-7xqw-w357: Pingora has a Request Smuggling Vulnerability

GHSA-vrw8-fxc6-2r93: chi Allows Host Header Injection which Leads to Open Redirect in RedirectSlashes

GHSA-qwwm-c582-82rx: Mattermost allows unauthorized channel member management through playbook runs

In Jellyfin before 10.8, the /users endpoint has incorrect access control for admin functionality. This lack of access control can be leveraged to performe a cross site scripting attack.

**Incorrect Access Control and Cross Site Scripting in Jellyfin**

High severity GitHub Reviewed Published Aug 20, 2022 • Updated Aug 30, 2022

Headline

GHSA-qwp3-5fw3-5wgv: Incorrect Access Control and Cross Site Scripting in Jellyfin

ghsa: Latest News