GHSA-7xqm-7738-642x: File Browser's Uncontrolled Memory Consumption vulnerability can enable DoS attack due to oversized file processing

GHSA-7mcq-f592-pf7v: Slice Ring Buffer and Slice Deque contains four unique double-free vulnerabilities triggered through safe APIs

GHSA-7xwp-2cpp-p8r7: File Browser’s insecure JWT handling can lead to session replay attacks after logout

GHSA-vhvx-8xgc-99wf: DSpace is vulnerable to Path Traversal attacks when importing packages using Simple Archive Format

GHSA-jjwr-5cfh-7xwh: DSpace is vulnerable to XML External Entity injection during archive imports 

Directus v10.13.0 allows an authenticated external attacker to execute arbitrary JavaScript on the client. This is possible because the application injects an attacker-controlled parameter that will be stored in the server and used by the client into an unsanitized DOM element. When chained with CVE-2024-6534, it could result in account takeover.

**Code injection in Directus**

Moderate severity GitHub Reviewed Published Aug 15, 2024 to the GitHub Advisory Database • Updated Aug 15, 2024

Headline

GHSA-qf6h-p3mr-vmh5: Code injection in Directus

ghsa: Latest News