GHSA-625h-95r8-8xpm: Rack has an unsafe default in Rack::QueryParser allows params_limit bypass via semicolon-separated parameters

GHSA-227x-7mh8-3cf6: Gardener Extensions for multiple providers vulnerable to Terraform code injection

GHSA-8x9j-2p8r-7xc6: ml-logger has path traversal in the file argument

GHSA-57hm-8rjv-498w: ml-logger deserialization vulnerability

GHSA-r3jv-xfgx-gj24: cors-anywhere vulnerable to server-side request forgery

Using particular inputs with `@solana/web3.js` will result in memory exhaustion (OOM).

If you have a server, client, mobile, or desktop product that accepts untrusted input for use with `@solana/web3.js`, your application/service may crash, resulting in a loss of availability.

**@solana/web3.js vulnerable to Denial of Service attack via Message/Transaction object deserialization**

High severity GitHub Reviewed Published Apr 17, 2024 in solana-labs/solana-web3.js • Updated Apr 17, 2024

Headline

GHSA-8m45-2rjm-j347: @solana/web3.js vulnerable to Denial of Service attack via Message/Transaction object deserialization

ghsa: Latest News