Improper Scope Validation in the `open` Endpoint of `tauri-plugin-shell`
Impact: The Tauri shell plugin exposes functionality to execute code and open programs on the system. The `open` endpoint of this plugin is designed to open targets with the system opener, e.g. xdg-open on Linux. This was meant to be restricted to a reasonable number of protocols like htt...
GHSA-97M3-52WR-XVV2 Dompdf's usage of vulnerable version of phenx/php-svg-lib leads to restriction bypass and potential RCE
Summary: The font path returned by php-svg-lib for an inline CSS font definition is not sanitized or checked before Cpdf uses it to open the font. That path is passed to a `file_exists` call, which is sufficient to trigger metadata unserialization on a PHAR file through the phar:// URL...
PT-2023-24192 · Unknown · BigBlueButton
Name of the Vulnerable Software and Affected Versions: BigBlueButton (affected versions not specified). Description: BigBlueButton is an open source virtual classroom designed to help teachers teach and learners learn. In affected versions, a Server-Side Request Forgery (SSRF) vulnerability exists. Th...