It was discovered that Apache Batik, an SVG library for Java, allowed attackers to run arbitrary Java code by processing a malicious SVG file. For Debian 10 buster, these problems have been fixed in version
A file traversal vulnerability was discovered in src:ruby-sinatra, a popular web server often used with Ruby on Rails. We now validate that any expanded paths match the allowed `public_dir` when serving static files.
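The path check described for ruby-sinatra, sketched as an added Ruby example (not Sinatra's code or the Debian patch). The helper names and the temporary directory tree are constructed for illustration; the example contrasts a lookup without the check with one that requires the expanded path to stay under `public_dir`.

```ruby
require "tmpdir"
require "fileutils"

# Hypothetical lookup without the check: join, expand, serve if it is a file.
def unchecked_static_path(public_dir, request_path)
  path = File.expand_path(File.join(public_dir, request_path))
  File.file?(path) ? path : nil
end

# Hypothetical hardened lookup: the expanded path must stay under public_dir.
def safe_static_path(public_dir, request_path)
  root = File.expand_path(public_dir)
  # expand_path collapses "." and ".." segments lexically.
  candidate = File.expand_path(File.join(root, request_path))
  # The trailing separator stops a sibling such as "public_backup" from
  # passing a bare prefix match against "public".
  return nil unless candidate.start_with?(root + File::SEPARATOR)
  return nil unless File.file?(candidate)
  # Resolve symlinks and re-check, so a link inside public_dir cannot
  # point the response at a file outside it.
  real = File.realpath(candidate)
  return nil unless real.start_with?(File.realpath(root) + File::SEPARATOR)
  real
end

# Builds a constructed directory tree and returns, per request path,
# [path, served_without_check, served_with_check].
def demo
  Dir.mktmpdir do |tmp|
    pub = File.join(tmp, "public")
    FileUtils.mkdir_p(pub)
    FileUtils.mkdir_p(File.join(tmp, "public_backup"))
    File.write(File.join(pub, "app.css"), "body{}")
    File.write(File.join(tmp, "secret.txt"), "constructed secret")
    File.write(File.join(tmp, "public_backup", "db.txt"), "constructed dump")
    requests = ["/app.css", "/../secret.txt",
                "/../public_backup/db.txt", "/css/../app.css"]
    requests.map do |r|
      [r, !unchecked_static_path(pub, r).nil?, !safe_static_path(pub, r).nil?]
    end
  end
end

demo.each { |row| p row } if __FILE__ == $0
```
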
Several security vulnerabilities have been discovered in WordPress, a popular content management framework. Possible SQL injection and cross-site scripting (XSS) flaws may allow a remote attacker to execute arbitrary code or facilitate the injection of client-side scripts.