CVE-2022-23951 Keylime's quote responses can contain untrusted ZIP data which can lead to zip bombs.
This issue has been resolved in 6.3.0.
Before upgrading to 6.3.0, make sure to disable the quote feature in your settings,
CVE-2022-31679 An attacker can access HTTP PATCH requests to the REST API in 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older versions if they know the structure of the domain model.
For example, they can use this technique to cause a service to generate a new revision of a given entity every time an HTTP request
CVE-2022-3250 An insecure cookie was placed in an HTTPS session by a GitHub repository before 2.4.6.
If a browser requests a file over HTTP instead of HTTPS, it will show a lock symbol in the URL bar. Modern browsers come with
CVE-2022-35086 Commit 772e55a2 of the SFTW tools contained a segmentation violation.
This commit was discovered to be problematic when the compiler is used in a build of a program that links with third-party libraries. This may
CVE-2022-1580 The Site Offline Or Coming Soon Or Maintenance Mode plugin before 1.5.3 prevents users from accessing a website if the URL contains certain keywords.
For example, if you wanted to stop users from accessing your website via Google or Microsoft Bing by adding the keywords "Bing" or