GHSA-7xqm-7738-642x: File Browser's Uncontrolled Memory Consumption vulnerability can enable DoS attack due to oversized file processing

GHSA-7mcq-f592-pf7v: Slice Ring Buffer and Slice Deque contains four unique double-free vulnerabilities triggered through safe APIs

GHSA-7xwp-2cpp-p8r7: File Browser’s insecure JWT handling can lead to session replay attacks after logout

GHSA-vhvx-8xgc-99wf: DSpace is vulnerable to Path Traversal attacks when importing packages using Simple Archive Format

GHSA-jjwr-5cfh-7xwh: DSpace is vulnerable to XML External Entity injection during archive imports 

php-heic-to-jpg <= 1.0.5 is vulnerable to remote code execution. An attacker who can upload heic images is able to execute code on the remote server via the file name. As a result, the CIA is no longer guaranteed. This affects php-heic-to-jpg 1.0.5 and below.

**Remote code execution in php-heic-to-jpg**

High severity GitHub Reviewed Published Oct 24, 2024 to the GitHub Advisory Database • Updated Oct 24, 2024

Headline

GHSA-g8v9-c8m3-942v: Remote code execution in php-heic-to-jpg

ghsa: Latest News