2 matches found
CVE-2024-43428
To address a cache poisoning risk in Moodle, additional validation for local storage was required...
GHSA-X768-CVR2-345R Un-sanitized metric name or labels can be used to take over exported metrics
Impact: In code which applies un-sanitized string values into metric names or labels, like this:

```swift
let lang = try? request.query.get(String.self, at: "lang")
Counter(label: "language", dimensions: [("lang", lang ?? "unknown")])
```

an attacker could make use of this and send a ?lang query parameter...