In Undici, an HTTP/1.1 client for Node.js, a low-severity vulnerability, CVE-2024-30261, was detected. This vulnerability lets attackers change a setting so that their fake requests look real, allowing them to sneak in harmful alterations undetected. However, there is no confidentiality or availability impact. The issue is fixed in versions 5.28.4 and 6.11.1. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-30261.
The identified XSS vulnerability in Typebot’s sign-in page, up to version 2.24.0, posed a significant security threat by potentially allowing attackers to compromise user accounts. By exploiting the redirectPath parameter in the URL, attackers could execute malicious JavaScript, thereby gaining unauthorized access. The release of version 2.24.0 signifies a proactive response to address this vulnerability, reinforcing Typebot’s commitment to user security and the integrity of its platform.
In Grafana versions 9.5.0 to 10.3.5, a medium-severity vulnerability, CVE-2024-1313, was detected. This vulnerability allows a user from a different organization to delete a snapshot by bypassing authorization using its view key. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-1313.