153 matches found
CVE-2023-51387 Expression Injection Vulnerability in Hertzbeat
Hertzbeat is an open source, real-time monitoring system. Hertzbeat uses aviatorscript to evaluate alert expressions. The alert expressions are supposed to be some simple expressions. However, due to improper sanitization for alert expressions in version prior to 1.4.1, a malicious user can use a...
VulnCheck KEV: CVE-2021-21479
In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity of the system...
Actions expression injection in `filter-test-configs` (`GHSL-2023-181`)
The pytorch/pytorch filter-test-configs workflow is vulnerable to an expression injection in Actions, allowing an attacker to potentially leak secrets and alter the repository using the workflow. Details The filter-test-configs workflow is using the raw github.event.workflowrun.headbranch value...
GHSA-HW6R-G8GJ-2987 Actions expression injection in `filter-test-configs` (`GHSL-2023-181`)
The pytorch/pytorch filter-test-configs workflow is vulnerable to an expression injection in Actions, allowing an attacker to potentially leak secrets and alter the repository using the workflow. Details The filter-test-configs workflow is using the raw github.event.workflowrun.headbranch value...
PT-2023-33030 · Facebook · Pytorch
Name of the Vulnerable Software and Affected Versions: pytorch/pytorch affected versions not specified Description: The filter-test-configs workflow in pytorch/pytorch is vulnerable to an expression injection in Actions. This allows an attacker to potentially leak secrets and alter the repository...
Apache Ambari 安全漏洞
Apache Ambari is an application from the Apache USA Foundation. It provides software developed to configure, manage and monitor Apache Hadoop clusters to simplify Hadoop management. A security vulnerability exists in Apache Ambari versions 2.7.0 through 2.7.6, which originates from a SpringEL...
CVE-2023-28430 OneSignal repository github action command injection
OneSignal is an email, sms, push notification, and in-app message service for mobile apps.The Zapier.yml workflow is triggered on issues types: closed i.e., when an Issue is closed. The workflow starts with full write-permissions GitHub repository token since the default workflow permissions on...
CVE-2023-28430 OneSignal repository github action command injection
OneSignal is an email, sms, push notification, and in-app message service for mobile apps.The Zapier.yml workflow is triggered on issues types: closed i.e., when an Issue is closed. The workflow starts with full write-permissions GitHub repository token since the default workflow permissions on...
PT-2023-21716 · Onesignal · Onesignal
Name of the Vulnerable Software and Affected Versions: OneSignal affected versions not specified Description: The issue concerns a workflow triggered by closed issues, utilizing a GitHub repository token with full write permissions. This allows an attacker to potentially take over the GitHub...
Siemens Mendix Expression Injection Vulnerability
Mendix is a high-productivity application platform that enables the building and continuous improvement of mobile and web applications at scale.Siemens Mendix is vulnerable to an expression injection vulnerability that could be exploited by an attacker to compromise sensitive information in a...
CVE-2022-34466
A vulnerability has been identified in Mendix Applications using Mendix 9 All versions = V9.11 V9.15, Mendix Applications using Mendix 9 V9.12 All versions V9.12.3. An expression injection vulnerability was discovered in the Workflow subsystem of Mendix Runtime, that can affect the running...
CVE-2022-34466
A vulnerability has been identified in Mendix Applications using Mendix 9 All versions = V9.11 V9.15, Mendix Applications using Mendix 9 V9.12 All versions V9.12.3. An expression injection vulnerability was discovered in the Workflow subsystem of Mendix Runtime, that can affect the running...
CVE-2022-34466
A vulnerability has been identified in Mendix Applications using Mendix 9 All versions = V9.11 V9.15, Mendix Applications using Mendix 9 V9.12 All versions V9.12.3. An expression injection vulnerability was discovered in the Workflow subsystem of Mendix Runtime, that can affect the running...
CVE-2022-34466
A vulnerability has been identified in Mendix Applications using Mendix 9 All versions = V9.11 V9.15, Mendix Applications using Mendix 9 V9.12 All versions V9.12.3. An expression injection vulnerability was discovered in the Workflow subsystem of Mendix Runtime, that can affect the running...
CVE-2022-34466
CVE-2022-34466: A Mendix expression-injection vulnerability in the Workflow subsystem of Mendix Runtime affects Mendix 9 deployments. Affected are Mendix 9 versions 9.11–9.15 and 9.12 before 9.12.3. The issue could allow a malicious user to leak sensitive information in certain configurations. Re...
Siemens Mendix Applications using Mendix 9 注入漏洞
Mendix is a high-productivity application platform that enables the building and continuous improvement of mobile and web applications at scale.Siemens Mendix is vulnerable to an expression injection vulnerability that could be exploited by an attacker to compromise sensitive information in a...
PT-2022-22172 · Mendix · Mendix
Name of the Vulnerable Software and Affected Versions: Mendix Applications using Mendix 9 versions 9.11 through 9.14 Mendix Applications using Mendix 9 version 9.12 versions prior to 9.12.3 Description: An expression injection vulnerability was discovered in the Workflow subsystem of Mendix...
Update on Spring Data MongoDB SpEL Expression Injection Vulnerability (CVE-2022-22980)
Background On June 20, 2022 Spring released Spring Data MongoDB 3.4.1 and 3.3.5 to address a critical CVE report: CVE-2022-22980: Spring Data MongoDB SpEL Expression injection vulnerability through annotated repository query methods. This vulnerability was originally reported on June 13, 2022...
GHSA-2C6Q-RGVJ-66RX Apache Tiles Vulnerable to XSS via EL Expression Injection
Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language EL expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting XSS attacks or obtain sensitive information via unspecified vectors, related to th...
Exploit for Code Injection in Vmware Spring_Cloud_Function
Spring Cloud Function SpEL Expression Injection Vulnerability...