Zelivans

**Name of the Vulnerable Software and Affected Versions** Asciidoctor versions prior to 1.5.8 **Description** The issue allows remote attackers to cause a denial of service, resulting in an infinite loop. This loop occurs because `Parser.next block` does not exhaust all lines in the reader as expected, due to a disagreement between regular expressions detecting any list and those detecting a specific list type, causing lines to be pushed back onto the reader. **Recommendations** For versions prior to 1.5.8, update to version 1.5.8 or later to resolve the issue. As a temporary workaround, consider disabling the `Parser.next block` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** etcd versions 3.3.1 and earlier **Description** A cross-site request forgery flaw was found, allowing an attacker to set up a website that tries to send a POST request to the etcd server and modify a key. Since adding a key is done with PUT, it is theoretically safe, but POST allows creating in-order keys that an attacker can send. **Recommendations** For etcd versions 3.3.1 and earlier, consider disabling the POST request functionality to the etcd server as a temporary workaround until a patch is available. Restrict access to the etcd server to minimize the risk of exploitation. Avoid using the POST method in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** etcd versions 3.3.1 and earlier **Description** A DNS rebinding issue allows an attacker to control DNS records, directing them to localhost and tricking the browser into sending requests to localhost or any other address. **Recommendations** For etcd versions 3.3.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.