166 matches found
MAL-2022-6572 Malicious code in tilled-api-client (npm)
Source: ghsa-malware d123fddcb18367f3ca5df73ee43dfd1f0fff9b5755b07ed392f9f70e7f9797f9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in frn-api-client (npm)
Source: ghsa-malware 6510b676b0a865d924429b9b3a41ad4365e754db47f2fa6b34f9305237b7aea2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-3213 Malicious code in frn-api-client (npm)
Source: ghsa-malware 6510b676b0a865d924429b9b3a41ad4365e754db47f2fa6b34f9305237b7aea2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-1831 Malicious code in carpenter-api-client (npm)
Source: ghsa-malware 73b80c64be64124594a8fbe7518c6cdc1a3d6b7708e35da5e78de3a95b896168 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in carpenter-api-client (npm)
Source: ghsa-malware 73b80c64be64124594a8fbe7518c6cdc1a3d6b7708e35da5e78de3a95b896168 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-1874 Malicious code in chainlink-api-client (npm)
Source: ghsa-malware 98f7c227698d07bc8f6d7cc5c45565f8971534e634ac4ee67bbdbe7275264ce5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in chainlink-api-client (npm)
Source: ghsa-malware 98f7c227698d07bc8f6d7cc5c45565f8971534e634ac4ee67bbdbe7275264ce5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5101 Malicious code in openstack-api-client (npm)
Source: ghsa-malware 31090ff688f4cfd0017eacf09e0f12f4f4e674cce06594cddfb2c91ffd21272d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in openstack-api-client (npm)
Source: ghsa-malware 31090ff688f4cfd0017eacf09e0f12f4f4e674cce06594cddfb2c91ffd21272d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5390 Malicious code in pod-api-client (npm)
Source: ghsa-malware 80e090d39edd41df4974cec8d792fc8b2d94bc0b6e25d65438ca010ce8f4694d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in pod-api-client (npm)
Source: ghsa-malware 80e090d39edd41df4974cec8d792fc8b2d94bc0b6e25d65438ca010ce8f4694d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
The vulnerability of the Kubeclient::Config implementation in the REST API client for Kubernetes allows an attacker to perform a “man-in-the-middle” attack.
The vulnerability of the Kubeclient::Config implementation for the REST API client of Kubernetes allows for certificate validation process errors. Exploiting this vulnerability could enable a malicious actor to carry out a “man-in-the-middle” attack...
@codedungeon/gunner (>=0.38.0 <=0.80.1), @codedungeon/laravel-versions-cli (=0.1.0) +22 more potentially affected by CVE-2021-3807 via ansi-regex (>=4.0.0 <=4.1.0)
ansi-regex NPM version =4.0.0, =0.38.0, =0.0.65, =0.0.0, =0.0.41, =0.0.12, =0.0.0, =0.2.0, =3.3.69, =0.0.3, =0.2.11, =5.1.0, =4.0.58, =3.0.58, =6.0.17, =6.1.110 and more Source cves: CVE-2021-3807 Source advisory: OSV:GHSA-93Q8-GQ69-WQMW...
CVE-2021-21430
OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Using File.createTempFile in JDK will result in creating and using insecure temporary files that can leave application and system data...
Design/Logic Flaw
OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Using File.createTempFile in JDK will result in creating and using insecure temporary files that can leave application and system data...
CVE-2021-21430
OpenAPI Generator contains a vulnerability where code generated for Java/Scala performs insecure temporary file creation via File.createTempFile, risking exposure of application/data when handling binary uploads/downloads. Affected generators include Java (jersey2, okhttp-gson default) and scala-...
CVE-2021-21428
OpenAPI Generator is a Java tool which allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. openapi-generator-online creates insecure temporary folders with File.createTempFile during the code generation...
CVE-2021-21428
CVE-2021-21428 affects the OpenAPI Generator project. The issue originates in the openapi-generator-online component, where temporary folders/files were created using File.createTempFile, allowing other users on the same system to read and potentially modify the auto-generated files. Root cause d...
Lack of Input Validation in zendesk_api_client_php for Zendesk Subdomain
Impact: Lack of input validation of the Zendesk subdomain could expose users of the library to Server Side Request Forgery (SSRF). Resolution: Validate the provided Zendesk subdomain to be a valid subdomain in: getAuthUrl, getAccessToken...
CVE-2021-21429
OpenAPI Generator allows generation of API client libraries, server stubs, documentation and configuration automatically given an OpenAPI Spec. Using File.createTempFile in JDK will result in creating and using insecure temporary files that can leave application and system data vulnerable to...