4 matches found
RHSA-2026:34365 Red Hat Security Advisory: Satellite 6.19.2 Async Update
Bulletin has no description...
GHSA-9M84-WC28-W895 Ghost has incomplete CSRF protections around OTC use
Impact Incomplete CSRF protections around /session/verify made it possible to use OTCs in login sessions different from the requesting session. In some scenarios this might have made it easier for phishers to take over a Ghost site. Vulnerable versions This vulnerability is present in Ghost from...
GHSA-3G92-W8C5-73PQ Undici vulnerable to data leak when using response.arrayBuffer()
Impact Depending on network and process conditions of a fetch request, response.arrayBuffer might include portion of memory from the Node.js process. Patches This has been patched in v6.19.2. Workarounds There are no known workaround. References https://github.com/nodejs/undici/issues/3337...
UBUNTU-CVE-2024-38372
Undici is an HTTP/1.1 client, written from scratch for Node.js. Depending on network and process conditions of a fetch request, response.arrayBuffer might include portion of memory from the Node.js process. This has been patched in v6.19.2...