4 matches found
GHSA-V9VM-R24H-6RQM Gogs: Release tag option injection in release deletion
Summary: There is a security issue in Gogs where deleting a release can fail if a user-controlled tag name is passed to Git without the right separator, allowing Git option injection and therefore interfering with the process. Affected Component: internal/database/release.go process.ExecDir...,...
BIT-JOOMLA-2020-13762
In Joomla! before 3.9.19, incorrect input validation of the module tag option in com_modules allows XSS...
A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an unsafe way.
...
PT-2020-13663 · Open Source Matters · Joomla!
Name of the Vulnerable Software and Affected Versions: Joomla! versions prior to 3.9.19. Description: The issue arises from incorrect input validation of the module tag option in com_modules, allowing for cross-site scripting (XSS). Recommendations: For versions prior to 3.9.19, update to version...