0Xbadca7

**Name of the Vulnerable Software and Affected Versions** Redash open-source versions 8.0.0 and prior **Description** An authenticated Server-Side Request Forgery (SSRF) was discovered via the `JSON` data source. This issue provides flexibility in crafting HTTP requests, such as adding headers and selecting any HTTP verb. Possibly, other connectors are affected. **Recommendations** For Redash open-source versions 8.0.0 and prior, consider disabling the `JSON` data source as a temporary workaround until a patch is available. Restrict access to potentially vulnerable connectors to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Typora versions prior to 0.9.9.31.2 on macOS Typora versions prior to 0.9.81 on Linux **Description** A mutation cross-site scripting issue leads to remote code execution through Mermaid code blocks. This occurs due to improper HTML sanitization when a file is opened in Typora, which is based on the Electron framework. The lack of proper sanitization allows for the execution of code in an unsandboxed environment. **Recommendations** For Typora versions prior to 0.9.9.31.2 on macOS, update to version 0.9.9.31.2 or later to resolve the issue. For Typora versions prior to 0.9.81 on Linux, update to version 0.9.81 or later to resolve the issue. As a temporary workaround, consider avoiding the use of Mermaid code blocks in Typora until a patch is applied.