14 matches found
CVE-2023-28433
creationtimestamp| type| source ---|---|--- 2023-03-22 23:36:24+00:00| seen| https://t.me/cibsecurity/60534...
CVE-2023-28433 vulnerabilities
Vulnerabilities for packages: minio...
CVE-2023-28433 vulnerabilities
Vulnerabilities for packages: minio...
CVE-2023-28433 Minio Privilege Escalation on Windows via Path separator manipulation
Minio is a Multi-Cloud Object Storage framework. All users on Windows prior to version RELEASE.2023-03-20T20-16-18Z are impacted. MinIO fails to filter the \ character, which allows for arbitrary object placement across buckets. As a result, a user with low privileges, such as an access key,...
CVE-2023-28433 Minio Privilege Escalation on Windows via Path separator manipulation
Minio is a Multi-Cloud Object Storage framework. All users on Windows prior to version RELEASE.2023-03-20T20-16-18Z are impacted. MinIO fails to filter the \ character, which allows for arbitrary object placement across buckets. As a result, a user with low privileges, such as an access key,...
CVE-2023-28433
MinIO on Windows is affected by a privilege-escalation issue where the product fails to filter the backslash () character, enabling an attacker with low privileges (e.g., a limited PutObject key) to place objects across buckets and create an admin user. The concrete root cause is path separator h...
CVE-2023-28433
Last updated 24 July 2024...
cv-letter (=1.0.0), docogen (>=0.0.3 <=0.1.6) +4 more potentially affected by CVE-2020-28433 via node-latex-pdf (=0.0.2)
node-latex-pdf NPM version =0.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on node-latex-pdf and may be impacted: - cv-letter =1.0.0 - docogen =0.0.3, =0.0.1, =0.0.7 - resume-builder-iitrpr =1.0.0 Source cves: CVE-2020-28433 Source advisory:...
CVE-2020-28433
creationtimestamp| type| source ---|---|--- 2022-08-02 18:17:46+00:00| seen| https://t.me/cibsecurity/47407...
CVE-2020-28433
This affects all versions of package node-latex-pdf...
CVE-2020-28433
CVE-2020-28433 affects all versions of the npm package node-latex-pdf. Multiple sources describe a command injection vulnerability arising from insecure handling in the package (notably in the compilation/execution flow of the internal function, enabling arbitrary commands to be injected). The cr...
CVE-2020-28433 Command Injection
This affects all versions of package node-latex-pdf...
CVE-2022-28433
creationtimestamp| type| source ---|---|--- 2022-04-22 00:27:25+00:00| seen| https://t.me/cibsecurity/41278...
cv-letter (=1.0.0), docogen (>=0.0.3 <=0.1.6) +4 more potentially affected by CVE-2020-28433 via node-latex-pdf (=0.0.2)
node-latex-pdf NPM version =0.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on node-latex-pdf and may be impacted: - cv-letter =1.0.0 - docogen =0.0.3, =0.0.1, =0.0.7 - resume-builder-iitrpr =1.0.0 Source cves: CVE-2020-28433 Source advisory:...