CVE-2024-25865

Cross Site Scripting XSS vulnerability in hexo-theme-anzhiyu v1.6.12, allows remote attackers to execute arbitrary code via the algolia search function...

CVE-2024-25865

CVE-2024-25865 describes a Cross-Site Scripting (XSS) vulnerability in hexo-theme-anzhiyu v1.6.12, allowing remote attackers to execute arbitrary code via the algolia search function. The issue is documented across multiple sources (NVD, Red Hat, GHSA, OSV, CNNVD, etc.) with consistent descriptio...

CVE-2023-25865

Adobe Substance 3D Stager is affected by an Improper Input Validation flaw in OBJ file parsing that can lead to arbitrary code execution in the context of the current user. Root cause: insufficient validation during OBJ parsing, causing memory corruption/RCE. Affected versions: 2.0.0 and earlier....

@fluentui/bundle-size (>=1.1.3 <=1.1.6), @georgs/beachball (=2.22.0) +17 more potentially affected by CVE-2022-25865 via workspace-tools (>=0.10.3 <=0.16.2)

workspace-tools NPM version =0.10.3, =1.1.3, =0.0.2, =0.0.2, =1.3.0, =0.1.1, =1.2.0, =1.0.3, =0.1.2, =6.1.2, =1.48.2, =0.3.0, =1.0.0, =0.13.0, =1.0.1 and more Source cves: CVE-2022-25865 Source advisory: OSV:GHSA-5875-M6JQ-VF78...

CVE-2022-25865

The package workspace-tools before 0.18.4 are vulnerable to Command Injection via git argument injection. When calling the fetchRemoteBranchremote: string, remoteBranch: string, cwd: string function, both the remote and remoteBranch parameters are passed to the git fetch subcommand in a way that...

CVE-2022-25865

The package workspace-tools before 0.18.4 are vulnerable to Command Injection via git argument injection. When calling the fetchRemoteBranchremote: string, remoteBranch: string, cwd: string function, both the remote and remoteBranch parameters are passed to the git fetch subcommand in a way that...

CVE-2022-25865

The vulnerability affects the package workspace-tools prior to 0.18.4. The issue resides in the function fetchRemoteBranch(remote, remoteBranch, cwd) where both the remote and remoteBranch arguments are passed to the git fetch subcommand in a way that allows additional flags to be set, enabling a...

CVE-2022-25865 Command Injection

The package workspace-tools before 0.18.4 are vulnerable to Command Injection via git argument injection. When calling the fetchRemoteBranchremote: string, remoteBranch: string, cwd: string function, both the remote and remoteBranch parameters are passed to the git fetch subcommand in a way that...

CVE-2022-25865

The package workspace-tools before 0.18.4 are vulnerable to Command Injection via git argument injection. When calling the fetchRemoteBranchremote: string, remoteBranch: string, cwd: string function, both the remote and remoteBranch parameters are passed to the git fetch subcommand in a way that...

@fluentui/bundle-size (>=1.1.3 <=1.1.6), @georgs/beachball (=2.22.0) +17 more potentially affected by CVE-2022-25865 via workspace-tools (>=0.10.3 <=0.16.2)

workspace-tools NPM version =0.10.3, =1.1.3, =0.0.2, =0.0.2, =1.3.0, =0.1.1, =1.2.0, =1.0.3, =0.1.2, =6.1.2, =1.48.2, =0.3.0, =1.0.0, =0.13.0, =1.0.1 and more Source cves: CVE-2022-25865 Source advisory: SNYK:JS-WORKSPACETOOLS-2421201...