GHSA-xrrq-rrgq-h89w: static-alloc vulnerability leads to uninitialized read after allocating MemBump

GHSA-h952-963h-rv99: ExecuTorch vulnerable to Heap-based Buffer Overflow attack

GHSA-hq75-xg7r-rx6c: Better Call routing bug can lead to Cache Deception

GHSA-q745-cfqh-hcrw: phpThumb is vulnerable to Command Injection through its gif_outputAsJpeg function

GHSA-j288-q9x7-2f5v: Apache Commons Lang is vulnerable to Uncontrolled Recursion when processing long inputs

The request handling in the core in Apache Wicket 7.0.0 on any platform allows an attacker to create a DOS via multiple requests to server resources.
Users are recommended to upgrade to versions 9.19.0 or 10.3.0, which fixes this issue.

**Apache Wicket: An attacker can intentionally trigger a memory leak**

Critical severity GitHub Reviewed Published Jan 23, 2025 to the GitHub Advisory Database • Updated Jan 23, 2025

Headline

GHSA-9cxr-76pm-j3wf: Apache Wicket: An attacker can intentionally trigger a memory leak

ghsa: Latest News