Msrc Cm1 Mozjs60 60.9.0-13 On Cbl Mariner 1.0 vulnerabilities

CVE-2023-34411 [HIGH] CWE-611 The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service (panic) via an invalid <! token (such as <!DOCTYPEs/%<!A nesting) in an XML document. The earliest affected version is 0.8.9 The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service (panic) via an invalid Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to

CVE-2023-25193 [HIGH] CWE-770 hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is

CVE-2022-48285 [HIGH] CWE-22 loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive. loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and mos