GHSA-25xr-qj8w-c4vf: Apache Tomcat Coyote vulnerable to Denial of Service via excessive HTTP/2 streams

GHSA-wr62-c79q-cv37: Apache Tomcat Catalina is vulnerable to DoS attack through bypassing of size limits

GHSA-4j3c-42xv-3f84: Apache Tomcat Utilities is vulnerable to resource exhaustion when using the APR/Native connector

GHSA-ggmv-j932-q89q: Chall-Manager's HTTP Gateway is vulnerable to DoS due to missing header timeout

GHSA-r7fm-3pqm-ww5w: Chall-Manager's scenario decoding process does not check for zip bombs

Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.

**Non-constant time webhook token comparison in Jenkins GitLab Branch Source Plugin**

Low severity GitHub Reviewed Published Jan 24, 2024 to the GitHub Advisory Database • Updated Jan 24, 2024

Headline

GHSA-f67f-2j6r-m4c9: Non-constant time webhook token comparison in Jenkins GitLab Branch Source Plugin

ghsa: Latest News