6 matches found
@hulumi/drift: Orphan reconciler accepted externally supplied execute plans
Impact: @hulumi/drift versions before 1.3.2 could accept externally supplied execute plans without sufficient provenance checks, allowing unsafe reconciliation input to be treated as trusted. Patched in 1.3.2: execute-plan handling now validates provenance and rejects untrusted plans, with...
GHSA-2FFM-HXRQ-QQMM @hulumi/drift: Orphan reconciler accepted externally supplied execute plans
Impact: @hulumi/drift versions before 1.3.2 could accept externally supplied execute plans without sufficient provenance checks, allowing unsafe reconciliation input to be treated as trusted. Patched in 1.3.2: execute-plan handling now validates provenance and rejects untrusted plans, with...
CVE-2025-51857
The reconcile method in the AttachmentReconciler class of the Halo system v.2.20.18LTS and before is vulnerable to XSS attacks...
Halo security vulnerability
Halo is a powerful and easy-to-use open source website builder from Halo Open Source. A security vulnerability exists in Halo v.2.20.18LTS and earlier versions, which stems from cross-site scripting in the reconcile method of the AttachmentReconciler class...
Malicious code in pay-reconciler (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f2ebf90fee62eaa35da095882fe22a5cc2163801652334e5441101fb02a336b2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4718 Malicious code in pay-reconciler (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f2ebf90fee62eaa35da095882fe22a5cc2163801652334e5441101fb02a336b2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...