167 matches found
CVE-2024-37904
Minder is an open source Software Supply Chain Security Platform. Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones users repositories using the github.com/go-git/go-git/v5 library on lines L55-L89. The Git provider...
CVE-2024-34084
Minder's HandleGithubWebhook is susceptible to a denial of service attack from an untrusted HTTP request. The vulnerability exists before the request has been validated, and as such the request is still untrusted at the point of failure. This allows an attacker with the ability to send requests t...
UBUNTU-CVE-2024-51482
ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder v1.37. = 1.37.64 is vulnerable to boolean-based SQL Injection in function of web/ajax/event.php. This is fixed in 1.37.65...
GO-2024-2582 Minder trusts client-provided mapping from repo name to upstream ID in github.com/stacklok/minder
Minder trusts client-provided mapping from repo name to upstream ID in github.com/stacklok/minder. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
GO-2024-2934 Minder affected by denial of service from maliciously configured Git repository in github.com/stacklok/minder
Minder affected by denial of service from maliciously configured Git repository in github.com/stacklok/minder...
Denial Of Service (DoS)
github.com/stacklok/minder is vulnerable to Denial Of Service DoS. The vulnerability is due to a lack of input validation within the Clone method when handling Git URLs provided by Minder users. The vulnerability allows Minder users to clone large repositories without enforcing size limits, leadi...
CVE-2024-37904
Minder is an open source Software Supply Chain Security Platform. Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones users repositories using the github.com/go-git/go-git/v5 library on lines L55-L89. The Git provider...
CVE-2024-37904 Denial of service from maliciously configured Git repository in Minder
Minder is an open source Software Supply Chain Security Platform. Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones users repositories using the github.com/go-git/go-git/v5 library on lines L55-L89. The Git provider...
CVE-2024-37904 Denial of service from maliciously configured Git repository in Minder
Minder is an open source Software Supply Chain Security Platform. Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones users repositories using the github.com/go-git/go-git/v5 library on lines L55-L89. The Git provider...
CVE-2024-37904
CVE-2024-37904 affects Minder’s Git provider, which can be DoS’d by cloning a large or malicious repository into memory via go-git/go-git/v5. The root cause is that user-controlled Git URLs are cloned without a repository size limit and the entire repo is loaded into memory, enabling memory exhau...
CVE-2024-37904 Denial of service from maliciously configured Git repository in Minder
Minder is an open source Software Supply Chain Security Platform. Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones users repositories using the github.com/go-git/go-git/v5 library on lines L55-L89. The Git provider...
GHSA-HPCG-XJQ5-G666 Minder affected by denial of service from maliciously configured Git repository
Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones users repositories using the github.com/go-git/go-git/v5 library on these lines:...
Minder Security Vulnerability
Minder is an open source platform that helps development teams and the open source community build more secure software and prove to others that the software they build is secure. A security vulnerability exists in versions prior to Minder v0.0.52 that stems from a maliciously configured Git...
PT-2024-27013 · Ca Technologies · Siteminder Web Agent For Domino Web Server +1
Name of the Vulnerable Software and Affected Versions: SiteMinder Web Agent for IIS Web Server affected versions not specified SiteMinder Web Agent for Domino Web Server affected versions not specified Description: A CRLF cross-site scripting issue has been identified in certain configurations of...
GO-2024-2885 Denial of service of Minder Server from maliciously crafted GitHub attestations in github.com/stacklok/minder
Denial of service of Minder Server from maliciously crafted GitHub attestations in github.com/stacklok/minder...
GO-2024-2701 Minder GetRepositoryByName data leak in github.com/stacklok/minder
Minder GetRepositoryByName data leak in github.com/stacklok/minder...
Denial Of Service (DoS)
github.com/stacklok/minder is vulnerable to a Denial Of Service DoS. The vulnerability is due to the sigstore verifier reading an untrusted response entirely into memory without enforcing a limit on the response body. The vulnerability allows an attacker to crash the Minder server and deny other...
GHSA-8FMJ-33GW-G7PW Denial of service of Minder Server from maliciously crafted GitHub attestations
Minder is vulnerable to a denial-of-service DoS attack which could allow an attacker to crash the Minder server and deny other users access to it. The root cause of the vulnerability is that Minders sigstore verifier reads an untrusted response entirely into memory without enforcing a limit on th...
Denial of service of Minder Server from maliciously crafted GitHub attestations
Minder is vulnerable to a denial-of-service DoS attack which could allow an attacker to crash the Minder server and deny other users access to it. The root cause of the vulnerability is that Minders sigstore verifier reads an untrusted response entirely into memory without enforcing a limit on th...
CVE-2024-35238
Minder by Stacklok is an open source software supply chain security platform. Minder prior to version 0.0.51 is vulnerable to a denial-of-service DoS attack which could allow an attacker to crash the Minder server and deny other users access to it. The root cause of the vulnerability is that...