Source
ghsa
### Impact Importing a malicious `.mrpack` file can cause path traversal while downloading files. This can lead to scripts or config files being placed or replaced at arbitrary locations, without the user noticing. ### Patches No patches yet. ### Workarounds Avoid importing `.mrpack` files from untrusted sources. ### References https://docs.modrinth.com/docs/modpacks/format_definition/#files
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.4.
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.4.
Cross-site Scripting (XSS) - DOM in GitHub repository answerdev/answer prior to 1.0.4.
Improper Access Control in GitHub repository answerdev/answer prior to 1.0.4.
Cross-site Scripting (XSS) - Generic in GitHub repository answerdev/answer prior to 1.0.4.
Race Condition in Switch in GitHub repository answerdev/answer prior to 1.0.4.
Unbounded recursion in JSON parsing allows malicious JSON input to cause excessive memory consumption or panics.
Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.5.4.
Cross-site Scripting (XSS) - Stored in GitHub repository wallabag/wallabag prior to 2.5.4.