GHSA-4j3c-42xv-3f84: Apache Tomcat Utilities is vulnerable to resource exhaustion when using the APR/Native connector

GHSA-ggmv-j932-q89q: Chall-Manager's HTTP Gateway is vulnerable to DoS due to missing header timeout

GHSA-r7fm-3pqm-ww5w: Chall-Manager's scenario decoding process does not check for zip bombs

GHSA-3gv2-v3jx-r9fh: Chall-Manager is vulnerable to Path Traversal when extracting/decoding a zip archive

GHSA-54xv-94qv-2gfg: @pdfme/common vulnerable to to XSS and Prototype Pollution through its expression evaluation

`core/authorize.php` in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of `hash_salt` is `file_get_contents` of a file that does not exist.

**Drupal Full Path Disclosure**

Low severity GitHub Reviewed Published Aug 29, 2024 to the GitHub Advisory Database • Updated Aug 29, 2024

Headline

GHSA-mg8j-w93w-xjgc: Drupal Full Path Disclosure

ghsa: Latest News