Risicle

**Name of the Vulnerable Software and Affected Versions** Graphite Web (affected versions not specified) **Description** A problem has been found in Graphite Web that affects unknown code of the Cookie Handler component. This issue leads to cross-site scripting and can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Graphite Web (affected versions not specified) **Description** A problem was found in Graphite Web that affects some unknown processing of the component Template Name Handler. The manipulation leads to cross-site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** To fix this issue, it is recommended to apply a patch. The name of the patch is 2f178f490e10efc03cd1d27c72f64ecab224eb23. As a temporary workaround, consider restricting access to the Template Name Handler component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Graphite Web (affected versions not specified) **Description** A problem was found in Graphite Web. It affects an unknown function of the Absolute Time Range Handler component. The issue leads to cross-site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. **Recommendations** Apply a patch to fix this issue. The name of the patch is 2f178f490e10efc03cd1d27c72f64ecab224eb23. As a temporary workaround, consider restricting access to the Absolute Time Range Handler component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Pillow versions prior to 9.2.0 **Description** The issue is related to improper handling of highly compressed GIF data, which can lead to data amplification. This can be exploited by a remote attacker to perform a denial-of-service (DoS) attack using a specially crafted GIF file. **Recommendations** For Pillow versions prior to 9.2.0, update to version 9.2.0 or later to resolve the issue. As a temporary workaround, consider avoiding the use of highly compressed GIF data until the update is applied.

**Name of the Vulnerable Software and Affected Versions** asyncpg versions prior to 0.21.0 **Description** The issue allows a malicious PostgreSQL server to trigger a crash or execute arbitrary code on a database client via a crafted server response. This is due to access to an uninitialized pointer in the array data decoder. **Recommendations** For versions prior to 0.21.0, update to version 0.21.0 or later to resolve the issue.