GHSA-w252-645g-87mp: Openfire has potential identity spoofing issue via unsafe CN parsing

GHSA-frh7-2f84-v9mw: is-arrayish@0.3.3 contains malware after npm account takeover

GHSA-6jp5-hh4c-8c5h: error-ex@1.3.3 contains malware after npm account takeover

GHSA-pxx3-g568-hxr4: color-convert@3.1.1 contains malware after npm account takeover

GHSA-5fvm-p68v-5wmh: color-name@2.0.1 contains malware after npm account takeover

`Out::from_raw` in affected versions allows writing a value to invalid memory address without requiring `unsafe`.

The soundness issue has been addressed by making `Out::from_raw` an unsafe function.


**\`out\_reference::Out::from\_raw\` should be \`unsafe\`**

Moderate severity GitHub Reviewed Published Mar 13, 2023 to the GitHub Advisory Database • Updated Mar 13, 2023

Headline

GHSA-p7mj-xvxg-grff: `out_reference::Out::from_raw` should be `unsafe`

ghsa: Latest News