
Nstikhomirov

#21471 of 53,641
11.4 CVSS total
Vulnerabilities · 2
Medium
2
PT-2019-15364
6.1
2019-10-23
Ant Design · Ant Design Pro · CVE-2019-18350
**Name of the Vulnerable Software and Affected Versions**
Ant Design Pro version 4.0.0

**Description**
The issue concerns a reflected XSS in the `user/login` redirect GET parameter, which affects the authorization component. This leads to the execution of JavaScript code in the login after-action script.

**Recommendations**
For Ant Design Pro version 4.0.0, consider disabling the redirect parameter in the `user/login` endpoint until a patch is available. Restrict access to the authorization component to minimize the risk of exploitation. Avoid using the redirect GET parameter in the affected endpoint until the issue is resolved.
PT-2019-15559
5.3
2019-10-01
Yandex · Clickhouse · CVE-2019-18657
**Name of the Vulnerable Software and Affected Versions**
ClickHouse versions prior to 19.13.5.44
ALT Linux (affected versions not specified)

**Description**
The issue allows HTTP header injection via the `url` table function. There is also a mention of a vulnerability in the ALT Linux package, but details are not provided.

**Recommendations**
For ClickHouse versions prior to 19.13.5.44, update to version 19.13.5.44 or later to resolve the issue. For ALT Linux, at the moment, there is no information about a newer version that contains a fix for this vulnerability.