Jasmin Landry

#16681 of 53,632
16.1 Total CVSS
Vulnerabilities · 2
High
2
PT-2025-10114
7.5
2025-03-07
IBM · IBM Aspera Shares · CVE-2025-0162

**Name of the Vulnerable Software and Affected Versions**
IBM Aspera Shares versions 1.9.9 through 1.10.0 PL7

**Description**
The issue allows a remote authenticated attacker to expose sensitive information or consume memory resources through an XML external entity injection (XXE) attack when processing XML data.

**Recommendations**
For versions 1.9.9 through 1.10.0 PL7, update to a version that includes a fix for the XML external entity injection issue to prevent XXE attacks.

PT-2022-9422
8.6
2022-01-21
Isomorphic Git · @isomorphic-git/cors-proxy · CVE-2021-23664

**Name of the Vulnerable Software and Affected Versions**
@isomorphic-git/cors-proxy versions prior to 2.7.1

**Description**
The issue is related to Server-side Request Forgery (SSRF) due to missing sanitization and validation of the redirection action in middleware.js. This allows for potential exploitation.

**Recommendations**
For versions prior to 2.7.1, update to version 2.7.1 or later to resolve the issue. As a temporary workaround, consider disabling the redirection action in middleware.js until a patch is available. Restrict access to the middleware.js module to minimize the risk of exploitation.