11 matches found
RHCOS 4 : OpenShift Container Platform 4.7.13 (RHSA-2021:2122)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2122 advisory. - golang: data race in certain net/http servers including ReverseProxy can lead to DoS CVE-2020-15586 - golang: ReadUvarint and...
Malicious Package
Overview ty-config-provider is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in ty-config-provider (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6fdfad9d372aeb95a258e5f5c732b57d1d226d7101ccf09a33cd3eb93ab45d59 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-2103 Malicious code in ty-config-provider (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6fdfad9d372aeb95a258e5f5c732b57d1d226d7101ccf09a33cd3eb93ab45d59 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Improper Privilege Management vulnerability in Apache Kafka Client
Apache Kafka Clients are vulnerable to improper privilege management due to the use of ConfigProvider plugins that can read from disk or environment variables. This could allow an attacker to read arbitrary contents of the disk and environment variables, potentially escalating from REST API acces...
kafka-clients: privilege escalation to filesystem read-access via automatic ConfigProvider
A flaw was found in Apache Kafka Clients. Apache Kafka Clients accepts configuration data for customizing behavior and includes ConfigProvider plugins to manipulate these configurations. Apache Kafka also provides FileConfigProvider, DirectoryConfigProvider, and EnvVarConfigProvider...
Malicious code in service-config-provider (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 40822518b54e1e34955d491e8ede52f50b7da5e2146715795dade573b232ec10 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
kafka-clients: privilege escalation to filesystem read-access via automatic ConfigProvider
A flaw was found in Apache Kafka Clients. Apache Kafka Clients accepts configuration data for customizing behavior and includes ConfigProvider plugins to manipulate these configurations. Apache Kafka also provides FileConfigProvider, DirectoryConfigProvider, and EnvVarConfigProvider...
kafka-clients: privilege escalation to filesystem read-access via automatic ConfigProvider
A flaw was found in Apache Kafka Clients. Apache Kafka Clients accepts configuration data for customizing behavior and includes ConfigProvider plugins to manipulate these configurations. Apache Kafka also provides FileConfigProvider, DirectoryConfigProvider, and EnvVarConfigProvider...
Malicious code in node-config-provider (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6245de88dda255b54977801c4cb54ca206cf3e832670277220fba95bf3707455 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4881 Malicious code in node-config-provider (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6245de88dda255b54977801c4cb54ca206cf3e832670277220fba95bf3707455 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...