Institute

**Name of the Vulnerable Software and Affected Versions** amazon-redshift-python-driver versions prior to 2.1.14 **Description** Unsafe use of Python's `eval()` function on data received from a server within the `vector in()` function allows a rogue server or man-in-the-middle actor to execute arbitrary code on the client. **Recommendations** Upgrade to version 2.1.14.

**Name of the Vulnerable Software and Affected Versions** Apache Commons versions 2.2 through 2.14.x **Description** An uncontrolled recursion issue exists when processing untrusted configuration files. Specifically, the software throws a StackOverflowError—a runtime error that occurs when the call stack exceeds its allocated memory—when handling YAML input containing cycles. **Recommendations** Upgrade to version 2.15.0.

**Name of the Vulnerable Software and Affected Versions** Nagios Log Server versions prior to 2024R1.3.1 **Description** The software contains a code injection issue stemming from inadequate validation of dashboard ID values before they are processed by an internal API. An attacker can leverage crafted dashboard ID values to execute arbitrary code within the Log Server process. The affected API receives dashboard ID values without proper sanitization, allowing for potential code execution. The vulnerable parameter is the dashboard ID. **Recommendations** Update to version 2024R1.3.1 or later.