214 matches found

Trend Micro Simply Security
added 2022/01/07 12:0 a.m., 11 views

Codex Exposed: Exploring the Capabilities and Risks of OpenAI’s Code Generator

The first of a series of blog posts examines the security risks of Codex, a code generator powered by the GPT-3 engine...

3.4 AI score
Exploits: 0
OpenVAS
added 2021/10/07 12:0 a.m., 9 views

Fedora: Security Advisory for rust-cranelift-codegen (FEDORA-2021-1805eacb48)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.3 CVSS, 6.4 AI score, 0.00183 EPSS
Exploits: 0, References: 2
Fedora
added 2021/10/04 1:4 a.m., 15 views

[SECURITY] Fedora 34 Update: rust-cranelift-codegen-meta-0.77.0-1.fc34

Metaprogram for cranelift-codegen code generator library...

6.3 CVSS, 6.7 AI score, 0.00183 EPSS
Exploits: 0
Fedora
added 2021/10/04 1:4 a.m., 20 views

[SECURITY] Fedora 34 Update: rust-cranelift-codegen-0.77.0-1.fc34

Low-level code generator library...

6.3 CVSS, 2.2 AI score, 0.00183 EPSS
Exploits: 0
OpenVAS
added 2021/10/02 12:0 a.m., 13 views

Fedora: Security Advisory for rust-cranelift-codegen (FEDORA-2021-68713440cb)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.3 CVSS, 6.4 AI score, 0.00183 EPSS
Exploits: 0, References: 2
Fedora
added 2021/09/30 12:54 a.m., 11 views

[SECURITY] Fedora 35 Update: rust-cranelift-codegen-0.77.0-1.fc35

Low-level code generator library...

6.3 CVSS, 2.2 AI score, 0.00183 EPSS
Exploits: 0
CNVD
added 2021/08/09 12:0 a.m., 14 views

Jeecg-boot CMS Arbitrary File Upload Vulnerability

Jeecg-Boot is an intelligent development platform based on code generator. Jeecg-boot CMS version 2.3 of /jeecg-boot/sys/common/upload is vulnerable to arbitrary file upload, which can be exploited by attackers to execute arbitrary code...

9.8 CVSS, 5.5 AI score, 0.05875 EPSS
Exploits: 1, References: 1
NVD
added 2021/05/24 4:15 p.m., 10 views

CVE-2021-32629

Cranelift is an open-source code generator maintained by Bytecode Alliance. It translates a target-independent intermediate representation into executable machine code. There is a bug in 0.73 of the Cranelift x64 backend that can create a scenario that could result in a potential sandbox escape i...

8.8 CVSS, 0.0007 EPSS
Exploits: 1, References: 4
OSV
added 2021/05/24 4:15 p.m., 20 views

PYSEC-2021-87

Cranelift is an open-source code generator maintained by Bytecode Alliance. It translates a target-independent intermediate representation into executable machine code. There is a bug in 0.73 of the Cranelift x64 backend that can create a scenario that could result in a potential sandbox escape i...

8.8 CVSS, 0.4 AI score, 0.0007 EPSS
Exploits: 1, References: 4
Cvelist
added 2021/05/24 3:35 p.m., 14 views

CVE-2021-32629 Memory access due to code generation flaw in Cranelift module

Cranelift is an open-source code generator maintained by Bytecode Alliance. It translates a target-independent intermediate representation into executable machine code. There is a bug in 0.73 of the Cranelift x64 backend that can create a scenario that could result in a potential sandbox escape i...

7.2 CVSS, 8.9 AI score, 0.0007 EPSS
Exploits: 1, References: 4
CVE
added 2021/05/24 3:35 p.m., 73 views

CVE-2021-32629

Cranelift’s x64 backend bug in 0.73 (and certain earlier builds when the new backend is explicitly selected) can sign-extend a loaded i32 value, potentially enabling sandbox escapes in Wasm modules and exposing memory up to 2 GiB before the heap. Wasmtime and Lucet using Cranelift may be exploita...

8.8 CVSS, 7.8 AI score, 0.0007 EPSS
Exploits: 1, References: 4, Affected Software: 1
OpenVAS
added 2021/03/27 12:0 a.m., 16 views

Fedora: Security Advisory for slic3r (FEDORA-2021-473e880567)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.6 CVSS, 6.6 AI score, 0.00324 EPSS
Exploits: 1, References: 2
OpenVAS
added 2021/03/27 12:0 a.m., 17 views

Fedora: Security Advisory for slic3r (FEDORA-2021-1d72d8cea2)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.6 CVSS, 6.6 AI score, 0.00324 EPSS
Exploits: 1, References: 2
Fedora
added 2021/03/23 12:18 a.m., 40 views

[SECURITY] Fedora 34 Update: slic3r-1.3.0-19.fc34

Slic3r is a G-code generator for 3D printers. It's compatible with RepRaps, Makerbots, Ultimakers and many more machines. See the project homepage at slic3r.org and the documentation on the Slic3r wiki for more information...

8.6 CVSS, 2.9 AI score, 0.00324 EPSS
Exploits: 1
vulnersOsv
added 2021/03/03 2:3 a.m., 0 views

@3kmfi6hp/nodejs-proxy (>=1.0.0 <=1.0.4), @aarhus-university/au-designsystem-delphinus (>=1.0.0 <=1.2.0) +342 more potentially affected by CVE-2021-21353 via pug-code-gen (>=0.0.0 <=1.1.1)

pug-code-gen NPM version =0.0.0, =1.0.0, =1.0.0, =1.0.0, =2.0.0, =0.2.0, =0.0.1, =0.0.2, =0.8.10, =0.0.9, =1.0.0, =2.1.1-alpha.1 and more Source cves: CVE-2021-21353 Source advisory: OSV:GHSA-P493-635Q-R6GR...

9 CVSS, 7.2 AI score, 0.01762 EPSS
Exploits: 1
OSV
added 2021/03/03 2:3 a.m., 1 views

GHSA-P493-635Q-R6GR Remote code execution via the `pretty` option.

Impact If a remote attacker was able to control the pretty option of the pug compiler, e.g. if you spread a user provided object such as the query parameters of a request into the pug template inputs, it was possible for them to achieve remote code execution on the node.js backend. Patches Upgrad...

6.8 CVSS, 6.4 AI score, 0.01762 EPSS
Exploits: 1, References: 8
Hacker One
added 2021/01/07 10:23 a.m., 21 views

Kubernetes: Index Out Of Bounds in protobuf unmarshalling

Report Submission Form Summary: I have recently discovered a bug in the gogo/protobuf code generator. This bug allows for an index out of bounds when unmarshalling certain protobuf objects. The bug is that a check is lacking when skipping certain bytes. There are numerous occurrences of this bug...

1.7 AI score
Exploits: 0
OSV
added 2020/09/02 6:27 p.m., 12 views

GHSA-9W87-4J72-GCV7 Insecure Default Configuration in graphql-code-generator

Versions of graphql-code-generator prior to 0.18.2 have an Insecure Default Configuration. The package sets NODE_TLS_REJECT_UNAUTHORIZED to 0, disabling certificate verification for the entire project. This results in Insecure Communication for the process. Recommendation Upgrade to version 0.18.2 ...

7.1 AI score
Exploits: 0, References: 2
Github Security Blog
added 2020/09/02 6:27 p.m., 31 views

Insecure Default Configuration in graphql-code-generator

Versions of graphql-code-generator prior to 0.18.2 have an Insecure Default Configuration. The package sets NODE_TLS_REJECT_UNAUTHORIZED to 0, disabling certificate verification for the entire project. This results in Insecure Communication for the process. Recommendation Upgrade to version 0.18.2 ...

3.8 AI score
Exploits: 0, References: 3, Affected Software: 1
vulnersOsv
added 2020/09/02 6:27 p.m., 2 views

@absa-subatomic/openshift-api (>=0.0.1 <=0.0.2), @atomist-seeds/empty-sdm (>=1.0.0-atomist-update-branch-master-20190328081334.20190328081445 <=1.0.0-master.20190328082132) +24 more potentially affected by unknown CVE via graphql-code-generator (>=0.10.7 <=0.17.0)

graphql-code-generator NPM version =0.10.7, =0.0.1, =1.0.0-atomist-update-branch-master-20190328081334.20190328081445, =0.3.7, =1.0.2, =1.1.0, =0.1.2, =0.1.0-master.20190213110409, =1.0.3-atomist-update-branch-master-1543218569607.20181126075034, =1.0.0-master.20190215080022, =1.0.0, =0.11.10,...

5.8 AI score
Exploits: 0