Audited · Audited · CVE-2024-22047
**Name of the Vulnerable Software and Affected Versions**
Audited versions 4.0.0 through 5.3.3
**Description**
A race condition exists in Audited that can result in an authenticated user causing audit log entries to be attributed to another user. The issue stems from Audited's use of `Thread.current`, which in certain setups with threaded web servers can attribute audits to the wrong user. The problem was first identified in November 2021; a fix was implemented in a pull request and published in version 5.3.3.
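The following added example (not Audited's code, and not a reproduction of its exact code path) models the general failure mode described above: per-thread state set during one request is still visible to the next request handled by the same reused worker thread, unless it is cleared at the request boundary. `AuditStore`, `run_worker`, the key name and the sample requests are hypothetical and constructed for illustration.

```ruby
# Added illustration: a simplified model of a threaded server worker.
# Not Audited's code; AuditStore, run_worker and REQUESTS are hypothetical.

module AuditStore
  KEY = :example_audit_user # hypothetical key name

  def self.user=(name)
    Thread.current[KEY] = name
  end

  def self.user
    Thread.current[KEY]
  end

  def self.clear
    Thread.current[KEY] = nil
  end
end

# Constructed sample requests. The second one runs a code path that
# writes an audit without ever setting a user for the request.
REQUESTS = [
  { user: "alice", action: "update invoice" },
  { user: nil,     action: "scheduled cleanup" },
  { user: "bob",   action: "delete record" }
].freeze

# Runs all requests on ONE reused worker thread, as a thread-pool server
# does, and returns the user each audit entry was attributed to.
def run_worker(requests, reset:)
  queue = Queue.new
  requests.each { |r| queue << r }
  queue.close # pop returns nil once the queue is drained
  attributed = []
  Thread.new do
    while (req = queue.pop)
      begin
        AuditStore.user = req[:user] if req[:user]
        attributed << AuditStore.user # what the audit row would record
      ensure
        AuditStore.clear if reset # request-scoped cleanup
      end
    end
  end.join
  attributed
end

p run_worker(REQUESTS, reset: false)
p run_worker(REQUESTS, reset: true)
```

When reviewing audit data from an affected deployment, entries whose attributed user does not match the session or request log for the same request are the ones to treat as suspect.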
**Recommendations**
For Audited versions 4.0.0 through 5.3.3, update to version 5.3.3 or later to resolve the issue. As a temporary workaround, consider restricting access to threaded web server setups to minimize the risk of exploitation.