We've disclosed 3416 vulnerabilities by Snyk Security Researchers
Upgrade postgresql to version 13.19, 14.16, 15.11, 16.7, 17.3 or higher.
@misskey-dev/summaly is a library that gets a web page's summary.
Affected versions of this package are vulnerable to Origin Validation Error in got.scpaping. An attacker can probe a victim's internal network for HTTP services that aren't supposed to be exposed to the outside world by using an HTTP redirect to bypass IP filtering. This is only exploitable if the attacker can manipulate the HTTP HEAD and GET requests to redirect to a private IP address.
salt is a new approach to infrastructure management built on a dynamic communication bus. Salt can be used for data-driven orchestration, remote execution for any infrastructure, configuration management for any app stack, and much more.
Affected versions of this package are vulnerable to Arbitrary Command Injection via the on demand pillar process when a specially crafted git URL is provided. An attacker can execute arbitrary commands on the master with the same privileges as the master process by exploiting access to a minion key.
org.apache.kafka:kafka-clients is a streaming platform that can publish and subscribe to streams of records, store streams of records in a fault-tolerant durable way, and process streams of records as they occur.
Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to improper handling of configuration data in the sasl.jaas.config property. An attacker can achieve arbitrary code execution by injecting a malicious configuration that causes the server to connect to an attacker-controlled LDAP server and deserialize untrusted data, leading to execution of deserialization gadget chains.
Note: This is only exploitable if the attacker has access to alterConfig for a cluster resource or Kafka Connect worker and can create or modify connectors with arbitrary Kafka client SASL JAAS configuration.