GHSA-pw25-c82r-75mm: request-filtering-agent SSRF Bypass via HTTPS Requests to 127.0.0.1

GHSA-63cx-g855-hvv4: mitmproxy binaries embed a vulnerable python-hyper/h2 dependency

GHSA-847f-9342-265h: h2 allows HTTP Request Smuggling due to illegal characters in headers

GHSA-5cmr-4px5-23pc: XGrammar affected by Denial of Service by infinite recursion grammars

GHSA-crcq-738g-pqvc: Craft CMS Potential Remote Code Execution via Twig SSTI

It has been discovered that mechanisms used for configuration of RequireJS package loading are susceptible to information disclosure. This way a potential attack can retrieve additional information about installed system and third party extensions.

**TYPO3 Information Disclosure of Installed Extensions**

Moderate severity GitHub Reviewed Published Jun 7, 2024 to the GitHub Advisory Database • Updated Jun 7, 2024

Headline

GHSA-f624-8hfq-5fh3: TYPO3 Information Disclosure of Installed Extensions

ghsa: Latest News