Cache-Money

**Name of the Vulnerable Software and Affected Versions** Junrar versions prior to 7.5.8 **Description** Junrar is an open source java RAR archive library. A path traversal flaw exists in the `LocalFolderExtractor` component. When processing a specially crafted RAR archive on Linux/Unix systems, an attacker can write files to arbitrary locations on the filesystem. This can potentially lead to remote code execution through actions like overwriting system files such as shell profiles, source code, or scheduled tasks. The vulnerability is due to insufficient validation of file paths during extraction. **Recommendations** Update Junrar to version 7.5.8 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab Community and Enterprise Edition versions prior to 11.6.10 GitLab Community and Enterprise Edition versions 11.7.x prior to 11.7.6 GitLab Community and Enterprise Edition versions 11.8.x prior to 11.8.1 **Description** An issue was discovered that allows CSRF. **Recommendations** For versions prior to 11.6.10, update to version 11.6.10 or later. For versions 11.7.x prior to 11.7.6, update to version 11.7.6 or later. For versions 11.8.x prior to 11.8.1, update to version 11.8.1 or later.