GHSA-83jg-m2pm-4jxj: Cowrie has a SSRF vulnerability in wget/curl emulation enabling DDoS amplification

GHSA-f43r-cc68-gpx4: External Control of File Name or Path in Langflow

GHSA-5993-7p27-66g5: Langflow vulnerable to Server-Side Request Forgery

GHSA-24v3-254g-jv85: Tuta Mail has DOM attribute and CSS injection in its Contact Viewer feature

GHSA-4hx9-48xh-5mxr: Keycloak LDAP User Federation provider enables admin-triggered untrusted Java deserialization

### Impact
Utility functions related to object paths (`get`, `set` and `update`) did not block attempts to access or alter object prototypes.

### Patches
The `get`, `set` and `update` functions will throw a `TypeError` when a user attempts to access or alter inherited properties in versions >=2.2.1.

**Prototype pollution not blocked by object-path related utilities in hoolock**

Moderate severity GitHub Reviewed Published Jan 21, 2024 in elijahharry/hoolock • Updated Jan 23, 2024

Headline

GHSA-4c2g-hx49-7h25: Prototype pollution not blocked by object-path related utilities in hoolock

Impact

Patches

ghsa: Latest News