3extensions (=1.0.1), @51jbs/incremental-coverage-plugin (=1.0.5) +594 more potentially affected by CVE-2022-25912 +1 more via simple-git (>=3.0.3 <=3.35.2)

simple-git NPM version =3.0.3, =1.0.1, =1.0.1, =0.0.0-ad-beta.1, =0.0.0-aj-beta.3, =23.0.0, =35.0.0, =1.4.0, =0.1.5-alpha.0, =1.0.2, =0.0.0-aj-beta.221, =8.7.2, =8.11.4 and more Source cves: CVE-2022-25912, CVE-2026-6951 Source advisory: SNYK:JS-SIMPLEGIT-15456078...

CVE-2022-23643 Side-channel attack in Sourcegraph Code Monitors

Sourcegraph is a code search and navigation engine. Sourcegraph versions 3.35 and 3.36 reintroduced a previously fixed side-channel vulnerabilitity in the Code Monitoring feature where strings in private source code could be guessed by an authenticated but unauthorized actor. This issue affects...

CVE-2022-23643

CVE-2022-23643 covers a side-channel vulnerability in Sourcegraph Code Monitors. Affected are Sourcegraph 3.35 and 3.36, where private-source strings could be inferred by an authenticated but unauthorized actor via the Code Monitoring feature. The root cause is a reintroduced issue that was previ...