GHSA-8g98-m4j9-qww5: Taylored webhook validation vulnerabilities

GHSA-48p4-8xcf-vxj5: urllib3 does not control redirects in browsers and Node.js

GHSA-pq67-6m6q-mj2v: urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation

GHSA-px2c-r924-mwcc: Couchbase .NET SDK (client library) does not properly enable hostname verification for TLS certificates

GHSA-2hw3-h8qx-hqqp: OpenList (frontend) allows XSS Attacks in the built-in Markdown Viewer

In rdiffweb prior to 2.5.5, the username field is not unique to users. This allows exploitation of primary key logic by creating the same name with different combinations & may allow unauthorized access.

**rdiffweb vulnerable to Authentication Bypass by Primary Weakness**

High severity GitHub Reviewed Published Dec 27, 2022 • Updated Dec 30, 2022

Headline

GHSA-wf33-6x33-wcf9: rdiffweb vulnerable to Authentication Bypass by Primary Weakness

Related news

ghsa: Latest News