GHSA-8q6v-474h-whgg: The Thinbus Javascript Secure Remote Password (SRP) Client Generates Fewer Bits of Entropy Than Intended

GHSA-q82r-2j7m-9rv4: github.com/go-acme/lego/v4/acme/api does not enforce HTTPS

GHSA-52f5-9888-hmc6: tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter

GHSA-27gv-mg7w-mm34: Shopware race condition bypasses voucher restrictions

GHSA-522r-9946-fw43: Duplicate Advisory: CIRCL-Fourq: Missing and wrong validation can lead to incorrect results

Using particular inputs with `@solana/web3.js` will result in memory exhaustion (OOM).

If you have a server, client, mobile, or desktop product that accepts untrusted input for use with `@solana/web3.js`, your application/service may crash, resulting in a loss of availability.

**@solana/web3.js vulnerable to Denial of Service attack via Message/Transaction object deserialization**

High severity GitHub Reviewed Published Apr 17, 2024 in solana-labs/solana-web3.js • Updated Apr 17, 2024

Headline

GHSA-8m45-2rjm-j347: @solana/web3.js vulnerable to Denial of Service attack via Message/Transaction object deserialization

ghsa: Latest News