GHSA-7xqm-7738-642x: File Browser's Uncontrolled Memory Consumption vulnerability can enable DoS attack due to oversized file processing

GHSA-7mcq-f592-pf7v: Slice Ring Buffer and Slice Deque contains four unique double-free vulnerabilities triggered through safe APIs

GHSA-7xwp-2cpp-p8r7: File Browser’s insecure JWT handling can lead to session replay attacks after logout

GHSA-vhvx-8xgc-99wf: DSpace is vulnerable to Path Traversal attacks when importing packages using Simple Archive Format

GHSA-jjwr-5cfh-7xwh: DSpace is vulnerable to XML External Entity injection during archive imports 

Deserialization of untrusted data can occur in version 0.17.0 or newer of Allegro AI’s ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end user’s system when interacted with.


**Allegro AI ClearML vulnerable to deserialization of untrusted data**

High severity GitHub Reviewed Published Feb 6, 2024 to the GitHub Advisory Database • Updated Feb 6, 2024

Headline

GHSA-cpcw-9h9m-wqw9: Allegro AI ClearML vulnerable to deserialization of untrusted data

ghsa: Latest News