37 matches found
CVE-2023-45822
Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which a default unsafe rego built-in was allowed to be used when...
CVE-2023-45823
Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which by using symbolic links in certain kinds of repositories load...
EUVD-2023-2711
Malicious code in bioql PyPI...
EUVD-2023-2736
Malicious code in bioql PyPI...
EUVD-2023-2749
Malicious code in bioql PyPI...
CVE-2023-45821
Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which the registryIsDockerHub function was only checking that the...
GO-2023-2134 Artifact Hub allows unsafe rego built-in in github.com/artifacthub/hub
Artifact Hub allows unsafe rego built-in in github.com/artifacthub/hub...
GO-2023-2135 Artifact Hub has Incorrect Docker Hub registry check in github.com/artifacthub/hub
Artifact Hub has Incorrect Docker Hub registry check in github.com/artifacthub/hub...
GO-2023-2136 Artifact Hub arbitrary file read vulnerability in github.com/artifacthub/hub
Artifact Hub arbitrary file read vulnerability in github.com/artifacthub/hub...
Arbitrary File Read
github.com/artifacthub/hub is vulnerable to Arbitrary File Read. The vulnerability is due to a lack of proper validation of whether a file is a symbolic link. This flaw enables an attacker to read arbitrary files in the system, potentially leading to the leakage of sensitive information when...
CVE-2023-45822
Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which a default unsafe rego built-in was allowed to be used when...
CVE-2023-45821
Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which the registryIsDockerHub function was only checking that the...
Input validation
Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which by using symbolic links in certain kinds of repositories load...
Authorization
Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which a default unsafe rego built-in was allowed to be used when...
Design/Logic Flaw
Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which the registryIsDockerHub function was only checking that the...
CVE-2023-45823 Arbitrary file read in Artifact Hub
Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which by using symbolic links in certain kinds of repositories load...
CVE-2023-45823
CVE-2023-45823 affects Artifact Hub. A bug allowed reading arbitrary files when processing git-based repositories loaded into Artifact Hub, due to insufficient validation of symbolic links in certain repositories. The root cause is lack of validation of symbolic links during repository cloning/pr...
CVE-2023-45822 Unsafe rego built-in allowed in Artifact Hub
Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which a default unsafe rego built-in was allowed to be used when...