GHSA-c72g-53hw-82q7: OpenFGA Authorization Bypass

GHSA-m4hf-fxcg-cp34: DNN allows Stored Cross-Site Scripting (XSS) with svg files rendered inline

GHSA-79m3-rvx2-3qq9: Reflected Cross-Site Scripting (XSS) in module actions in edit mode

GHSA-62mf-vhhw-xmf8: DNN site Import could use an external source with a crafted request

GHSA-c37v-3c8w-crq8: zot logs secrets

All versions of the package static-server are vulnerable to Directory Traversal due to improper input sanitization passed via the validPath function of server.js.

**static-server Path Traversal vulnerability**

High severity GitHub Reviewed Published Oct 3, 2023 to the GitHub Advisory Database • Updated Oct 4, 2023

Headline

GHSA-v834-rhv4-65m3: static-server Path Traversal vulnerability

Related news

ghsa: Latest News