CVE-2022-39239 On-Demand image optimization for Netlify using ipx. Versions prior to 1.2.3 are vulnerable to brute force attacks that can bypass the source image domain allowlist.
If you are using custom domain mapping or a wildcard mapping, it may be necessary to clear the cache manually by regenerating the mapped subdirectory.
CVE-2022-40088 The vulnerable component was found to contain an XSS flaw, where users can inject malicious code.
An attacker can leverage this vulnerability to conduct XSS attacks against users of the site via client-side scripting languages such as JavaScript or Python. It
CVE-2022-1941 - Protocol Buffers Parsing Vulnerability Can Lead To Out-Of-Memory Denial of Service
Imagine your service starts crashing because of a single malicious message. That’s exactly what CVE-2022-1941 is about—a parsing bug in Google's
CVE-2022-3268 Weak Password Requirements in GitHub repository ikus060/minarca prior to 4.2.2.
In the previous version, you had to provide at least 6 characters, with a mix of uppercase and lowercase letters, digits and symbols. In the latest
CVE-2022-23951 Keylime's quote responses can contain untrusted ZIP data which can lead to zip bombs.
This issue has been resolved in 6.3.0.
Before upgrading to 6.3.0, make sure to disable the quote feature in your settings,