0Xstraw-Hat

**Name of the Vulnerable Software and Affected Versions** multer versions 2.0.0-alpha.1 through 2.1.1 multer version 3.0.0-alpha.1 **Description** A Denial of Service issue exists when using diskStorage. Aborted or malformed multipart uploads leave orphaned partial files on disk because the `Readable.pipe()` call does not propagate the stream destroy signal to the underlying `fs.WriteStream`. This allows an attacker to exhaust disk space by triggering numerous aborted uploads. **Recommendations** Upgrade to version 2.2.0 for versions 2.0.0-alpha.1 through 2.1.1. Upgrade to version 3.0.0-alpha.2 for version 3.0.0-alpha.1.

**Name of the Vulnerable Software and Affected Versions** Zen versions prior to 1.19.12b **Description** In the `promptForFeedUrl()` function, RSS feed URLs entered by the user are validated to ensure they use http: or https: protocols. However, item links within the feed are not subject to this restriction. The provider maps each RSS/Atom item link into `item.url`, filtering only for presence and date. Subsequently, the live-folder manager creates pinned lazy tabs using these values via `gBrowser.addTrustedTab(item.url, ...)`, which can lead to the execution of unauthorized protocols. **Recommendations** Update to version 1.19.12b.

**Name of the Vulnerable Software and Affected Versions** uuid versions prior to 14.0.0 **Description** The software used for creating RFC9562 (formerly RFC4122) UUIDs contains an issue where v3, v5, and v6 accept external output buffers but fail to reject out-of-range writes, such as those involving a small buffer or a large offset. This can lead to silent partial writes into buffers provided by the caller. **Recommendations** Update to version 14.0.0.