6 matches found
CVE-2026-45407
Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:auth command creates $DOKKUROOT/.netrc using bash's touch command, which applies the default umask of 0644. This pre-creation defeats the netrc binary's built-in 0600 permission setting, leaving git credentials readable by any local user wh...
EUVD-2026-39802
Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:auth command creates $DOKKUROOT/.netrc using bash's touch command, which applies the default umask of 0644. This pre-creation defeats the netrc binary's built-in 0600 permission setting, leaving git credentials readable by any local user wh...
arcane 安全漏洞
Arcan is an open-source Docker management software developed by Arcane. Versions of Arcan prior to 1.19.0 contained security vulnerabilities. These vulnerabilities stemmed from multiple endpoints in the Huma-based REST API that did not call the checkAdmin helper function. Additionally, the...
EUVD-2025-19655
Malicious code in bioql PyPI...
EUVD-2023-1011
Malicious code in bioql PyPI...
PT-2023-20454 · Buildctl +2 · Buildctl +2
Name of the Vulnerable Software and Affected Versions: BuildKit versions v0.11.0 through v0.11.3 Description: The issue arises when a build request contains a Git URL with credentials and creates a provenance attestation describing the build. These credentials could be visible from the provenance...