GHSA-vx9q-rhv9-3jvg: aircompressor Snappy and LZ4 Java-based decompressor implementation can leak information from reused output buffer

GHSA-3jp5-5f8r-q2wg: Vuetify has a Prototype Pollution vulnerability

GHSA-9w3x-85mw-4fwm: Vuetify has a Cross-site Scripting (XSS) vulnerability in the VDatePicker component

GHSA-m5gv-vj3f-6v2p: Liferay Portal and DXP Instance Admin can execute code using Objects Actions and Validations

GHSA-55jh-84jv-8mx8: Lightning Flow Scanner Vulnerable to Code Injection via Unsafe Use of `new Function()` in APIVersion Rule

Versions of the package mysql2 before 3.9.3 are vulnerable to Improper Input Validation through the `keyFromFields` function, resulting in cache poisoning. An attacker can inject a colon `:` character within a value of the attacker-crafted key.

**mysql2 cache poisoning vulnerability**

Moderate severity GitHub Reviewed Published Apr 10, 2024 to the GitHub Advisory Database • Updated Apr 12, 2024

Headline

GHSA-mqr2-w7wj-jjgr: mysql2 cache poisoning vulnerability

ghsa: Latest News