Ajxchapman

**Name of the Vulnerable Software and Affected Versions** Vega versions prior to 5.13.1 **Description** The Vega `scale` expression function has the ability to call arbitrary functions with a single controlled argument. This can be exploited to escape the Vega expression sandbox in order to execute arbitrary JavaScript. The `scale` expression function passes a user supplied argument `group` to `getScale`, which is then used as if it were an internal context. The `context.scales[name].value` is accessed from `group` and called as a function back in `scale`. **Recommendations** For versions prior to 5.13.1, update to version 5.13.1 to resolve the issue. As a temporary workaround, consider restricting the use of the `scale` expression function to minimize the risk of exploitation. Avoid using the `group` argument in the `scale` expression function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** GitLab versions prior to 12.1.2 GitLab versions prior to 12.0.4 GitLab versions prior to 11.11.6 **Description** A vulnerability exists that allows uploading files from a project archive to replace other users' files, potentially enabling an attacker to replace project binaries or other uploaded assets. **Recommendations** For versions prior to 12.1.2, update to version 12.1.2 or later. For versions prior to 12.0.4, update to version 12.0.4 or later. For versions prior to 11.11.6, update to version 11.11.6 or later.

**Name of the Vulnerable Software and Affected Versions** UniFi Video versions 3.10.0 and prior **Description** The issue is related to the lack of CSRF protection, allowing an attacker to abuse the Web API and make changes to the server configuration without user consent. This can be achieved by luring an authenticated user to access an attacker-controlled page. **Recommendations** For UniFi Video versions 3.10.0 and prior, at the moment, there is no information about a newer version that contains a fix for this vulnerability.