GHSA-7f8r-222p-6f5g: MCP Inspector proxy server lacks authentication between the Inspector client and proxy

GHSA-x3c7-22c8-prg7: handcraftedinthealps/goodby-csv has Potential Gadget Chain allowing Remote Code Execution

GHSA-59w6-r9hm-439h: XWiki does not require right warnings for XClass definitions

GHSA-jp4x-w9cj-97q7: XWiki allows remote code execution through preview of XClass changes in AWM editor

GHSA-j7p2-87q3-44w7: XWiki does not require right warnings for notification displayer objects

The pullit package before 1.4.0 for Node.js allows OS Command Injection because `eval()` is used on an attacker-supplied Git branch name.

**pullit Command Injection vulnerability**

High severity GitHub Reviewed Published Mar 27, 2023 to the GitHub Advisory Database • Updated Mar 27, 2023

Headline

GHSA-2w9p-xf5h-qwj3: pullit Command Injection vulnerability

Related news

ghsa: Latest News