4 matches found

OSV
added 2026/05/07 6:23 p.m., 2 views

ECHO-A2CB-9FEB-100C From https://github.com/nltk/nltk/pull/3468 (merge commit 1056b32).

Bulletin has no description...

5.7 AI score
Exploits 0, References 1

Github Security Blog
added 2023/06/16 7:40 p.m., 21 views

@apollo/server vulnerable to unsafe application of Content Security Policy via reused nonces

Context: Content Security Policies (CSP) are a defense-in-depth strategy against XSS attacks. Improper application of CSP isn't itself a vulnerability, but it does fail to prevent XSS in the event that there is a viable attack vector for an XSS attack. Impact: There aren't any XSS attack vectors via...

10 AI score
Exploits 0, References 3, Affected Software 1

Cvelist
added 2019/07/15 2:45 p.m., 10 views

CVE-2019-1010304

Saleor Issue was introduced by merge commit: e1b01bad0703afd08d297ed3f1f472248312cc9c. This commit was released as part of 2.0.0 release is affected by: Incorrect Access Control. The impact is: Important. The component is: ProductVariant type in GraphQL API. The attack vector is: Unauthenticated...

5.4 AI score, 0.00329 EPSS
Exploits 1, References 1

CVE
added 2019/07/15 2:45 p.m., 38 views

CVE-2019-1010304

CVE-2019-1010304 affects Saleor’s GraphQL API (ProductVariant in the GraphQL schema) where Incorrect Access Control allowed an unauthenticated user to access data via the publicly exposed /graphql/ endpoint. The issue enables exposure of potentially admin-restricted shop revenue data. Impact is d...

5.3 CVSS, 5.3 AI score, 0.00329 EPSS
Exploits 1, References 1, Affected Software 1