
721 matches found

Veracode
added 2025/10/03 8:27 a.m., 14 views

Arbitrary Code Injection

electron is vulnerable to Arbitrary Code Injection. The vulnerability is due to modification of the resources folder when the embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses are enabled, because these fuses fail to fully protect ASAR integrity on writable filesystems; an attacker wi...

CVSS 6.1 | AI score 7.4 | EPSS 0.00009
Exploits: 0 | References: 3 | Affected Software: 1

Snyk
added 2025/10/01 9:31 p.m., 1 view

Arbitrary Code Injection

Overview dolibarr/dolibarr is a modern and easy to use web software to manage your business. Affected versions of this package are vulnerable to Arbitrary Code Injection via the computed field parameter in the User module configuration. An attacker can execute arbitrary code by supplying crafted...

CVSS 8.8 | AI score 8.1 | EPSS 0.00239
Exploits: 0 | References: 2

Veracode
added 2025/09/30 10:41 a.m., 5 views

Arbitrary Code Injection

Craft CMS is vulnerable to Arbitrary Code Injection. The vulnerability is due to inadequate protection of restore functionality because, with a compromised security key and the ability to place an arbitrary file in storage/backups, an attacker can craft a request to /updater/restore-db that...

CVSS 8.8 | AI score 7.1 | EPSS 0.00219
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2025/09/29 5:51 p.m., 2 views

GHSA-PWF7-47C3-MFHX j178/prek-action vulnerable to arbitrary code injection in composite action

Summary There are three potential attacks of arbitrary code injection vulnerability in the composite action at action.yml. Details The GitHub Action variables inputs.prek-version, inputs.extraargs, and inputs.extra-args can be used to execute arbitrary code in the context of the action. PoC yaml ...

CVSS 9.9 | AI score 8
Exploits: 0 | References: 3

Github Security Blog
added 2025/09/29 5:51 p.m., 4 views

j178/prek-action vulnerable to arbitrary code injection in composite action

Summary There are three potential attacks of arbitrary code injection vulnerability in the composite action at action.yml. Details The GitHub Action variables inputs.prek-version, inputs.extraargs, and inputs.extra-args can be used to execute arbitrary code in the context of the action. PoC yaml ...

AI score 8
Exploits: 0 | References: 3 | Affected Software: 1

Snyk
added 2025/09/25 4:39 p.m., 2 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the Terraformer process. An attacker can execute arbitrary code with elevated privileges by injecting malicious Terraform configurations during infrastructure provisioning. Note: This is only exploitable if ...

CVSS 9.9 | AI score 8.1 | EPSS 0.00099
Exploits: 0 | References: 3

Snyk
added 2025/09/25 4:39 p.m., 2 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the Terraformer process. An attacker can execute arbitrary code with elevated privileges by injecting malicious Terraform configurations during infrastructure provisioning. Note: This is only exploitable if ...

CVSS 9.9 | AI score 8.1 | EPSS 0.00099
Exploits: 0 | References: 3

Snyk
added 2025/09/25 4:39 p.m., 2 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the Terraformer process. An attacker can execute arbitrary code with elevated privileges by injecting malicious Terraform configurations during infrastructure provisioning. Note: This is only exploitable if ...

CVSS 9.9 | AI score 8.1 | EPSS 0.00099
Exploits: 0 | References: 3

Snyk
added 2025/09/25 4:39 p.m., 1 view

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the Terraformer process. An attacker can execute arbitrary code with elevated privileges by injecting malicious Terraform configurations during infrastructure provisioning. Note: This is only exploitable if ...

CVSS 9.9 | AI score 8.1 | EPSS 0.00099
Exploits: 0 | References: 3

Snyk
added 2025/09/25 4:39 p.m., 2 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the Terraformer process. An attacker can execute arbitrary code with elevated privileges by injecting malicious Terraform configurations during infrastructure provisioning. Note: This is only exploitable if ...

CVSS 9.9 | AI score 8.1 | EPSS 0.00099
Exploits: 0 | References: 3

Snyk
added 2025/09/25 4:39 p.m., 1 view

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the Terraformer process. An attacker can execute arbitrary code with elevated privileges by injecting malicious Terraform configurations during infrastructure provisioning. Note: This is only exploitable if ...

CVSS 9.9 | AI score 8.1 | EPSS 0.00099
Exploits: 0 | References: 3

Snyk
added 2025/09/25 4:39 p.m., 1 view

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the Terraformer process. An attacker can execute arbitrary code with elevated privileges by injecting malicious Terraform configurations during infrastructure provisioning. Note: This is only exploitable if ...

CVSS 9.9 | AI score 8.1 | EPSS 0.00099
Exploits: 0 | References: 3

Snyk
added 2025/09/16 12:45 p.m., 2 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via improper handling of web content. An attacker can execute arbitrary code or compromise user data by enticing a user to visit a malicious website. Remediation Upgrade Firefox to version 143.0 or higher...

CVSS 9.2 | AI score 7.8 | EPSS 0.00056
Exploits: 0 | References: 2

Snyk
added 2025/09/15 7:51 p.m., 1 view

Arbitrary Code Injection

Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Arbitrary Code Injection via the supabaseRPCFilter parameter. An attacker with administrative privileges can execute arbitrary server-side code, access sensitive environment variables, and...

CVSS 9.1 | AI score 7.8
Exploits: 0 | References: 2

Snyk
added 2025/09/12 2:41 p.m., 1 view

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the gonja template parsing process. An attacker can access arbitrary files on the server by injecting malicious template statements into prompts. Allowing an attacker to insert a statement into a prompt to...

CVSS 9.8 | AI score 7.3 | EPSS 0.00128
Exploits: 0 | References: 2

Snyk
added 2025/09/12 2:41 p.m., 1 view

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the gonja template parsing process. An attacker can access arbitrary files on the server by injecting malicious template statements into prompts. Allowing an attacker to insert a statement into a prompt to...

CVSS 9.8 | AI score 7.3 | EPSS 0.00128
Exploits: 0 | References: 2

Snyk
added 2025/09/09 10:46 p.m., 2 views

Arbitrary Code Injection

Overview pyinstaller is a package that bundles a Python application and all its dependencies into a single package Affected versions of this package are vulnerable to Arbitrary Code Injection in the bootstrap process. An attacker can achieve arbitrary code execution by placing malicious files or...

CVSS 7 | AI score 7.8 | EPSS 0.00025
Exploits: 0 | References: 2

Snyk
added 2025/09/08 6:31 p.m., 4 views

Arbitrary Code Injection

Overview simstudio is a Sim Studio CLI - Run Sim Studio with a single command Affected versions of this package are vulnerable to Arbitrary Code Injection via the route.ts function. An attacker can execute arbitrary code by supplying crafted input to the code argument. Remediation A fix was pushe...

CVSS 9.8 | AI score 7 | EPSS 0.00095
Exploits: 1 | References: 2

Microsoft CVE
added 2025/09/03 10:31 p.m., 2 views

Arbitrary code injection vulnerability in Keras framework < 2.13

...

CVSS 9.8 | AI score 7 | EPSS 0.0037
Exploits: 1

Microsoft CVE
added 2025/09/03 9:42 p.m., 3 views

Arbitrary Code Injection

...

CVSS 7.2 | AI score 7 | EPSS 0.01413
Exploits: 2