Free5gc

The free5GC UDM component fails to validate the `supi` path parameter in six GET handlers, allowing an unauthenticated attacker to inject control characters and trigger a `500 Internal Server Error` that exposes internal infrastructure details.

Free5GC PCF versions prior to 1.4.3 are vulnerable to an authentication bypass due to missing middleware, allowing unauthenticated access to SM policy handlers and disclosure of subscriber SUPI.