ghsa

JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component `/onlDragDatasetHead/getTotalData`.

A vulnerability was identified in Consul and Consul Enterprise such that the server response did not explicitly set a Content-Type HTTP header, allowing user-provided inputs to be misinterpreted and lead to reflected XSS.

A vulnerability was identified in Consul and Consul Enterprise ("Consul") such that using URL paths in L7 traffic intentions could bypass HTTP request path-based access rules.

A vulnerability was identified in Consul and Consul Enterprise ("Consul") such that using Headers in L7 traffic intentions could bypass HTTP header based access rules.

A deserialization vulnerability in the component \controller\Index.php of Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code.

### Impact Users of this library that set a duration for a SAS Uri with a value other than 1 hour may have generated a URL with a duration that is longer, or shorter than desired. Users not implemented SAS Uri's are unaffected. ### Patches This issue was resolved in version 8.0.0 of the library, all users should update to this version ASAP. ### Workarounds None

### Impacted Products Snowflake JDBC driver versions >= 3.2.6 & <= 3.19.1 are affected. ### Introduction Snowflake recently identified an issue affecting JDBC drivers that can result in data being uploaded to an encrypted stage without the additional layer of protection provided by client side encryption. The issue, which affects only a subset of accounts hosted on Azure and GCP deployments (AWS deployments are not affected), manifests in instances where customers create a stage using a JDBC driver with the CLIENT_ENCRYPTION_KEY_SIZE account parameter set to 256-bit rather than the default 128-bit. The data is still protected by TLS in transit and server side encryption at rest. This missed layer of the additional protection is not visible to the affected customers. ### Incorrect Security Setting Vulnerability #### Description Snowflake identified an incorrect security setting in Snowflake JDBC drivers. Snowflake has evaluated the severity of the issue and determined it was in mediu...

NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to data tampering.

NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Organization admins can delete pending invites created in an organization they are not part of.