3 matches found
Updated cockpit packages fix security vulnerabilities
CVE-2026-4631, Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects...
-tompan-reacttemplate (>=1.0.1 <=1.1.0), 02-infrastructure (=1.0.0) +53822 more potentially affected by CVE-2021-23337 via lodash.template (>=2.2.1 <=4.5.0)
lodash.template NPM version =2.2.1, =1.0.1, =0.0.2, =0.0.10 - 0x0.icu.anima =0.1.0 - 0xgank-tea-advice-pull =1.0.0 - 0xgank-tea-balance-pencil =1.0.0 - 0xgank-tea-brick-bell =1.0.0 - 0xgank-tea-cake-victory =1.0.0 - 0xgank-tea-central-compound =1.0.0 - 0xgank-tea-characteristic =1.0.0 -...
UBUNTU-CVE-2021-23337
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function...