GHSA-rchf-xwx2-hm93: Fedify has ReDoS Vulnerability in HTML Parsing Regex

GHSA-83fp-hh9m-c2jq: Piranha has stored cross-site scripting (XSS) vulnerability

GHSA-54mj-vcvj-q3v5: Umbraco CMS has an arbitrary file upload vulnerability

GHSA-fw48-7qf9-455m: Piranha has stored cross-site scripting (XSS) vulnerability

GHSA-428g-f7cq-pgp5: Marshmallow has DoS in Schema.load(many)

Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.5.0 or newer, enabling a maliciously uploaded Langchain AgentExecutor model to run arbitrary code on an end user’s system when interacted with.

**MLFlow unsafe deserialization**

High severity GitHub Reviewed Published Jun 4, 2024 to the GitHub Advisory Database • Updated Jun 5, 2024

Headline

GHSA-cwgg-w6mp-w9hg: MLFlow unsafe deserialization

ghsa: Latest News