GHSA-j22h-9j4x-23w5: mcp-server-git has missing path validation when using --repository flag

GHSA-9xwc-hfwc-8w59:  mcp-server-git argument injection in git_diff and git_checkout functions allows overwriting local files

GHSA-vvg7-8rmq-92g7: Auth0 WordPress has Improper Audience Validation via Auth0-PHP SDK Dependency

GHSA-f3r2-88mq-9v4g: Auth0 Symfony SDK has Improper Audience Validation via Auth0-PHP SDK

GHSA-7hh9-gp72-wh7h: Auth0 Laravel SDK has Improper Audience Validation via Auth0-PHP SDK dependency

JJWT (aka Java JWT) through 0.12.5 ignores certain characters and thus a user might falsely conclude that they have a strong key. The impacted code is the setSigningKey() method within the DefaultJwtParser class and the signWith() method within the DefaultJwtBuilder class.

**JJWT improperly generates signing keys**

Moderate severity GitHub Reviewed Published Apr 1, 2024 to the GitHub Advisory Database • Updated Apr 1, 2024

Headline

GHSA-r65j-6h5f-4f92: JJWT improperly generates signing keys

ghsa: Latest News