Deno arbitrary file descriptor close via `op_node_ipc_pipe()` leading to permission prompt bypass

Summary Use of raw file descriptors in opnodeipcpipe leads to premature close of arbitrary file descriptors, allowing standard input to be re-opened as a different resource resulting in permission prompt bypass. Details Node childprocess IPC relies on the JS side to pass the raw IPC file descript...

Session Cache API - Critical - Multiple vulnerabilities - DRUPAL-SA-CONTRIB-2017-065

This module does not safely deal with serialization. CVE identifiers issued ACVE identifier will be requested, and added upon issuance, in accordance with Drupal Security Team processes. Versions affected Session Cache API 7.x-1.4 Drupal core is not affected. If you do not use the contributed...

OAuth - Critical - Access Bypass - SA-CONTRIB-2017-056

This module enables you to protect requests via the OAuth authentication protocol. The module doesn't sufficiently notify the Cache API to avoid caching responses under the scenario in which an authenticated user requests a resource such as unpublished node. This vulnerability is mitigated by the...