19 matches found
Argument injection via newline in PHP INI values forwarded to child processes
Impact PHPUnit forwards PHP INI settings to child processes used for isolated/PHPT test execution as -d name=value command-line arguments without neutralizing INI metacharacters. Because PHP's INI parser interprets " as a string delimiter, ; as the start of a comment, and most importantly a newli...
Security update for phpunit (important)
openSUSE Security Update: Security update for phpunit Announcement ID: openSUSE-SU-2026:0061-1 Rating: important References: 1257381 Cross-References: CVE-2026-24765 Affected Products: openSUSE Backports SLE-15-SP7 An update that fixes one vulnerability is now available. Description: This update...
Fedora 42 : phpunit8 (2026-8a7678fa99)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-8a7678fa99 advisory. Version 8.5.52 - 2026-01-27 Changed To prevent Poisoned Pipeline Execution PPE attacks using prepared .coverage files in pull requests, a PHPT test will no...
Fedora 42 : phpunit11 (2026-c3b42a28dd)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-c3b42a28dd advisory. Version 11.5.50 - 2026-01-27 Changed To prevent Poisoned Pipeline Execution PPE attacks using prepared .coverage files in pull requests, a PHPT test will no...
Fedora 43 : phpunit8 (2026-dad4e31f49)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-dad4e31f49 advisory. Version 8.5.52 - 2026-01-27 Changed To prevent Poisoned Pipeline Execution PPE attacks using prepared .coverage files in pull requests, a PHPT test will no...
Fedora 43 : phpunit11 (2026-8ccfe50c58)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-8ccfe50c58 advisory. Version 11.5.50 - 2026-01-27 Changed To prevent Poisoned Pipeline Execution PPE attacks using prepared .coverage files in pull requests, a PHPT test will no...
Fedora 43 : phpunit9 (2026-8d8a292bba)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-8d8a292bba advisory. Version 9.6.34 - 2026-01-27 Fixed Regression introduced in PHPUnit 9.6.33 ---- Version 9.6.33 - 2026-01-27 Changed To prevent Poisoned Pipeline Execution PPE...
EUVD-2024-41606
Malicious code in bioql PyPI...
CVE-2024-45798
arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. The arduino-esp32 CI is vulnerable to multiple Poisoned Pipeline Execution PPE vulnerabilities. Code injection in testsresults.yml workflow GHSL-2024-169 and environment Variable...
CVE-2024-45798
arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. The arduino-esp32 CI is vulnerable to multiple Poisoned Pipeline Execution PPE vulnerabilities. Code injection in testsresults.yml workflow GHSL-2024-169 and environment Variable...
CVE-2024-45798 Multiple Poisoned Pipeline Execution (PPE) vulnerabilities
arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. The arduino-esp32 CI is vulnerable to multiple Poisoned Pipeline Execution PPE vulnerabilities. Code injection in testsresults.yml workflow GHSL-2024-169 and environment Variable...
CVE-2024-45798 Multiple Poisoned Pipeline Execution (PPE) vulnerabilities
arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. The arduino-esp32 CI is vulnerable to multiple Poisoned Pipeline Execution PPE vulnerabilities. Code injection in testsresults.yml workflow GHSL-2024-169 and environment Variable...
CVE-2024-45798
The CVE-2024-45798 entry concerns the arduino-esp32 Arduino core for ESP32/variants. The connected documents describe multiple Poisoned Pipeline Execution (PPE) vulnerabilities in the CI workflow, specifically code injection in tests_results.yml (GHSL-2024-169) and environment variable injection ...
PT-2024-31779 · Arduino · Arduino-Esp32
Name of the Vulnerable Software and Affected Versions: arduino-esp32 affected versions not specified Description: The issue concerns multiple Poisoned Pipeline Execution PPE vulnerabilities in the arduino-esp32 CI, including code injection in the tests results.yml workflow and environment variabl...
CVE-2024-41127
Monkeytype is a minimalistic and customizable typing test. Monkeytype is vulnerable to Poisoned Pipeline Execution through Code Injection in its ci-failure-comment.yml GitHub Workflow, enabling attackers to gain pull-requests write access. The ci-failure-comment.yml workflow is triggered when the...
CVE-2024-41127 Monkeytype is vulnerable to Poisoned Pipeline Execution through Code Injection in its `ci-failure-comment.yml` GitHub Workflow, enabling attackers to gain `pull-requests` write access.
Monkeytype is a minimalistic and customizable typing test. Monkeytype is vulnerable to Poisoned Pipeline Execution through Code Injection in its ci-failure-comment.yml GitHub Workflow, enabling attackers to gain pull-requests write access. The ci-failure-comment.yml workflow is triggered when the...
CVE-2024-41127 Monkeytype is vulnerable to Poisoned Pipeline Execution through Code Injection in its `ci-failure-comment.yml` GitHub Workflow, enabling attackers to gain `pull-requests` write access.
Monkeytype is a minimalistic and customizable typing test. Monkeytype is vulnerable to Poisoned Pipeline Execution through Code Injection in its ci-failure-comment.yml GitHub Workflow, enabling attackers to gain pull-requests write access. The ci-failure-comment.yml workflow is triggered when the...
CVE-2024-41127
CVE-2024-41127 affects Monkeytype via its GitHub Actions workflow ci-failure-comment.yml. A vulnerability in the workflow’s handling of the artifact variable (./pr_num/pr_num.txt) allows interpolation into a JS script after the value is not validated as a number, enabling an attacker to gain writ...
PT-2024-29282 · Unknown · Monkeytype
Name of the Vulnerable Software and Affected Versions: Monkeytype versions prior to 24.30.0 Description: The issue concerns a Poisoned Pipeline Execution through Code Injection in the ci-failure-comment.yml GitHub Workflow of Monkeytype. This vulnerability allows attackers to gain pull-requests...