Ev0Ao

#17041 of 53,634
15.7 Total CVSS
Vulnerabilities · 2
Medium: 1
Critical: 1

PT-2020-15134 · CVSS 9.6 · 2020-10-26
Antsword · Antsword · CVE-2020-18766

**Name of the Vulnerable Software and Affected Versions**
AntSword version 2.0.7

**Description**
A cross-site scripting (XSS) vulnerability allows remote execution of system commands.

**Recommendations**
For AntSword version 2.0.7, update to a newer version that contains a fix for this issue, if available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

PT-2020-13193 · CVSS 6.1 · 2020-05-05
Macaron · Macaron · CVE-2020-12666

**Name of the Vulnerable Software and Affected Versions**
macaron versions prior to 1.3.7

**Description**
The issue is an open redirect in the static handler caused by improper request sanitization. A specially crafted URL causes the static file handler to redirect to an attacker-chosen URL, enabling open redirect attacks. An example of such a URL is `http://127.0.0.1:4000//example.com/`.

**Recommendations**
For versions prior to 1.3.7, update to version 1.3.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the static handler to minimize the risk of exploitation. Avoid using crafted URLs that could trigger the open redirect until the issue is resolved.