GHSA-wphj-fx3q-84ch: systeminformation has a Command Injection vulnerability in fsSize() function on Windows

GHSA-3f5f-xgrj-97pf: Parse Server is vulnerable to Server-Side Request Forgery (SSRF) via Instagram OAuth Adapter

GHSA-cfpf-hrx2-8rv6: Expr has Denial of Service via Unbounded Recursion in Builtin Functions

GHSA-g239-q96q-x4qm: @vitejs/plugin-rsc has an Arbitrary File Read via `/__vite_rsc_findSourceMapURL` Endpoint

GHSA-c623-f998-8hhv: SIPGO is Vulnerable to Response DoS via Nil Pointer Dereference

Deserialization of untrusted data can occur in version 0.17.0 or newer of Allegro AI’s ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end user’s system when interacted with.


**Allegro AI ClearML vulnerable to deserialization of untrusted data**

High severity GitHub Reviewed Published Feb 6, 2024 to the GitHub Advisory Database • Updated Feb 6, 2024

Headline

GHSA-cpcw-9h9m-wqw9: Allegro AI ClearML vulnerable to deserialization of untrusted data

ghsa: Latest News