advisory-database issues

[GHSA-hw49-2p59-3mhj] The net/http HTTP/1.1 client mishandled the case where a...

**Updates** - Affected products - Summary **Comments** Missing version constraint for the CVE. Source: https://go-review.googlesource.com/c/go/+/591255 (merged into 1.21 and 1.22 release branch)

chbiel

[GHSA-pgj4-g5j4-cmfx] cart2quote/module-quotation-encoded Remote Code Execution via downloadCustomOptionAction

1

**Updates** - Affected products **Comments** This is for Magento 1. Why is it throwing an error on a Magento 2 project?

fpurser

[GHSA-5rg9-mjfx-pqq5] ArcGIS Enterprise Server 10.8.0 allows a remote attacker...

**Updates** - Affected products - Description - References - Summary **Comments** https://nvd.nist.gov/vuln/detail/CVE-2024-37694

RandallWilliams

[GHSA-hg58-rf2h-6rr7] CometBFT is unstability during blocksync when syncing from malicious peer

2

**Updates** - Affected products **Comments** CometBFT experiences instability during block synchronization when syncing from a malicious peer. This issue arises because the malicious peer can disrupt the sync process, causing...

AHMED11178

[GHSA-4mgv-m5cm-f9h7] Vault GitHub Action did not correctly mask multi-line secrets in output

1

**Updates** - Affected products **Comments** HashiCorp vault-action (aka Vault GitHub Action) before 2.2.0 allows attackers to obtain sensitive information from log files because a multi-line secret was not correctly registered...

GAEAlimited

Missing advisories for npm packages from CVE-2024-4067

1

The npm packages `braces` and `micromatch` have been reported as susceptible to CVE-2024-4067. While the CVE and [advisory](https://github.com/advisories/GHSA-952p-6rrq-rcjv) are officially "unreviewed", the vulnerabilities have been clearly established and reported to...

aarongoldenthal

[GHSA-6269-grv3-jc94] An issue was discovered in the stripTags and unescapeHTML...

1

**Updates** - Affected products - Summary **Comments** The webjar contains the affected javascript

mcr-paulanand

False positive for quarkus-core 3.8.4 vulnerability

2

hello I am experiencing some issues regarding this component I am using quarkus-core 3.8.4 and it raises whith github advisories this finding: https://github.com/advisories/GHSA-f8h5-v2vg-46rr Can you please tell me why i...

khaledgithubwl

[GHSA-g5h3-w546-pj7f] Spring Boot Security Bypass with Wildcard Pattern Matching on Cloud Foundry

3

**Updates** - Affected products **Comments** Older versions of the package as mentioned in the description are affected by this vulnerability. Same is highlighted in the maven repository https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-actuator-autoconfigure

namandf

[GHSA-77r5-gw3j-2mpf] Next.js Vulnerable to HTTP Request Smuggling

2

**Updates** - Affected products - CVSS **Comments** Suggestions are submitted as a pull request to be reviewed by the GitHub Security Curators team.

myHerbDev

advisory-database
advisory-database copied to clipboard

Metadata

[GHSA-hw49-2p59-3mhj] The net/http HTTP/1.1 client mishandled the case where a...

[GHSA-pgj4-g5j4-cmfx] cart2quote/module-quotation-encoded Remote Code Execution via downloadCustomOptionAction

[GHSA-5rg9-mjfx-pqq5] ArcGIS Enterprise Server 10.8.0 allows a remote attacker...

[GHSA-hg58-rf2h-6rr7] CometBFT is unstability during blocksync when syncing from malicious peer

[GHSA-4mgv-m5cm-f9h7] Vault GitHub Action did not correctly mask multi-line secrets in output

Missing advisories for npm packages from CVE-2024-4067

[GHSA-6269-grv3-jc94] An issue was discovered in the stripTags and unescapeHTML...

False positive for quarkus-core 3.8.4 vulnerability

[GHSA-g5h3-w546-pj7f] Spring Boot Security Bypass with Wildcard Pattern Matching on Cloud Foundry

[GHSA-77r5-gw3j-2mpf] Next.js Vulnerable to HTTP Request Smuggling

← Metadata

Owner

Metadata

advisory-database advisory-database copied to clipboard

Metadata

← Metadata

Owner

Metadata

advisory-database
advisory-database copied to clipboard