Summary
http4k: `BasicCookieStorage` (renamed `InsecureCookieStorage`) did not enforce RFC 6265 cookie scoping; new `DefaultCookieStorage` is now the default
References
Related vulnerabilities
- MEDIUM GHSA-H4H3-3RFJ-X6FQ
SurrealDB: Indexed ORDER BY leaks the value ordering of a SELECT-restricted field
- LOW GHSA-97PR-9HGG-3P8R
parse-server: LiveQuery discloses object data to a subscriber across an ACL read-access change
- CRITICAL GHSA-CCV6-R384-XP75
Langflow: BaseFileComponent-based nodes arbitrary file read with RCE exploit
- MEDIUM GHSA-JR33-MW75-7J8F
dbt MCP Server: Unauthenticated OAuth Context Endpoint Leaks dbt Platform Tokens
- MEDIUM GHSA-FCW4-WWQM-M8CF
Grafana Operator: Privilege escalation from namespace admin to cluster admin via GrafanaDashboard jsonnetLib fileName
- HIGH GHSA-JXCW-QP4H-6JFQ
PraisonAI A2U incomplete authentication fix leaves current serve command unauthenticated by default