Kc Udonsi

**Name of the Vulnerable Software and Affected Versions** Apache Tapestry versions 5.4.0 through 5.6.3 **Description** The issue allows an attacker to download files inside WEB-INF using a specially-constructed URL, due to incomplete fix for a previous issue. This affects the context asset handling of Apache Tapestry. **Recommendations** For Apache Tapestry versions 5.4.0 through 5.6.3, update to a version that includes a complete fix for the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Visual Studio Code (affected versions not specified) **Description** The issue is related to incorrect code generation management in the settings.json file of Microsoft Visual Studio Code, allowing an attacker to execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.