5 matches found
[SECURITY] Fedora 42 Update: rust-pty-process-0.5.3-1.fc42
Spawn commands attached to a pty...
[SECURITY] Fedora 43 Update: rust-pty-process-0.5.3-1.fc43
Spawn commands attached to a pty...
CVE-2025-62193 NOAA PMEL Live Access Server (LAS) PyFerret command injection
Sites running NOAA PMEL Live Access Server (LAS) are vulnerable to remote code execution via specially crafted requests that include PyFerret expressions. By leveraging a SPAWN command, a remote, unauthenticated attacker can execute arbitrary OS commands. Fixed in a version of...
happy-dom's `--disallow-code-generation-from-strings` is not sufficient for isolating untrusted JavaScript
Summary: The mitigation proposed in GHSA-37j7-fg3j-429f for disabling eval/Function when executing untrusted code in happy-dom does not suffice, since it still allows prototype pollution payloads. Details: The untrusted script and the rest of the application still run in the same Isolate/process, s...
GHSA-QPM2-6CQ5-7PQ5 happy-dom's `--disallow-code-generation-from-strings` is not sufficient for isolating untrusted JavaScript
Summary: The mitigation proposed in GHSA-37j7-fg3j-429f for disabling eval/Function when executing untrusted code in happy-dom does not suffice, since it still allows prototype pollution payloads. Details: The untrusted script and the rest of the application still run in the same Isolate/process, s...