GHSA-95v9-hv42-pwrj: gnark is vulnerable to signature malleability in EdDSA and ECDSA due to missing scalar checks

GHSA-fvqv-593q-qp8r: Liferay Portal Reflected Cross-Site Scripting Vulnerability via PortalUtil.escapeRedirect

GHSA-xwc5-q44v-p6gg: Liferay Portal User Enumeration Vulnerability via the Create Account Page

GHSA-655h-hg88-5qmf: Rust XCB `xcb::Connection::connect_to_fd*` functions violate I/O safety

GHSA-vv6j-3g6g-2pvj: Picklescan missing detection when calling pytorch function torch.utils._config_module.load_config

Path resolution in `warp::filters::fs::dir` didn't correctly validate Windows paths
meaning paths like `/foo/bar/c:/windows/web/screen/img101.png` would be allowed
and respond with the contents of `c:/windows/web/screen/img101.png`. Thus users
could potentially read files anywhere on the filesystem.

This only impacts Windows. Linux and other unix likes are not impacted by this.


**Warp vulnerable to Path Traversal via Improper validation of Windows paths**

High severity GitHub Reviewed Published Jan 31, 2023 to the GitHub Advisory Database

Headline

GHSA-8v4j-7jgf-5rg9: Warp vulnerable to Path Traversal via Improper validation of Windows paths

ghsa: Latest News