1776 matches found
CVE-2023-46248
Cody is an artificial intelligence (AI) coding assistant. The Cody AI VSCode extension versions 0.10.0 through 0.14.0 are vulnerable to Remote Code Execution under certain conditions. An attacker in control of a malicious repository could modify the Cody configuration file .vscode/cody.json and...
PT-2023-29927 · Microsoft · Vscode
Name of the Vulnerable Software and Affected Versions: Cody AI VSCode extension versions 0.10.0 through 0.14.0 Description: The issue concerns Remote Code Execution under certain conditions. An attacker in control of a malicious repository could modify the Cody configuration file .vscode/cody.jso...
SUSE-SU-2023:4162-1 Security update for gcc13
This update for gcc13 fixes the following issues: This update ships the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same-named GCC 12 ones. The new compilers for C, C++, and Fortran are provided...
CVE-2023-45823
Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which by using symbolic links in certain kinds of repositories load...
CVE-2023-45823 Arbitrary file read in Artifact Hub
Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which by using symbolic links in certain kinds of repositories load...
GHSA-HMQ4-C2R4-5Q8H Artifact Hub arbitrary file read vulnerability
Impact: During a security audit of Artifact Hub's code base, a security researcher at OffSec identified a bug in which by using symbolic links in certain kinds of repositories loaded into Artifact Hub, it was possible to read internal files. Artifact Hub indexes content from a variety of sources,...
Artifact Hub Path Traversal Vulnerability
Artifact Hub is a web-based application that finds, installs, and distributes packages and configurations for CNCF projects. A security vulnerability exists in Artifact Hub that stems from the ability to read internal files through the use of symbolic links loaded into certain types of repositori...
PT-2023-29712
Name of the Vulnerable Software and Affected Versions: Artifact Hub versions prior to 1.16.0 Description: Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. A security researcher identified a bug in which by using...
A vulnerability in the Git distributed version control system for Windows stems from the use of an untrusted path when spell-checking cloned repositories, allowing an attacker to execute arbitrary code.
A vulnerability in the Git distributed version control system for Windows is related to the use of an untrusted path when spell-checking cloned repositories. Exploiting this vulnerability allows an attacker to execute arbitrary code...
A vulnerability in the Git distributed version control system for Windows stems from the use of an untrusted path when spell-checking cloned repositories, which allows a malicious user to escalate their privileges.
A vulnerability in the Git distributed version control system for Windows is related to the use of an untrusted path when spell-checking cloned repositories. Exploiting this vulnerability can allow an attacker to escalate their privileges...
How to Protect Against Data Lake Hacking
Data lakes, or centralized repositories for large-scale data, are a popular solution for data storage, and there are good reasons for that. Data lakes are flexible and cost-effective, as they allow many object formats and multiple query engines, and there is no need to manage or pay for resources...
XXE
Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out-of-Band XXE attack (OOB-XXE), just parsing XML can lead to exfiltration of local tex...
Dependabot impersonators cause trouble on GitHub
GitHub is experiencing issues of the "breached account and malicious code" variety. ITPro reports that unnamed individuals have been compromising accounts and using them to install malware capable of password theft. It's a fairly elaborate scam which even includes imitation of GitHub's popular...
CVE-2023-3115
An issue has been discovered in GitLab EE affecting all versions from 11.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Single Sign On restrictions were not correctly enforced for indirect project members accessing public members-only project repositori...
Code injection
An issue has been discovered in GitLab EE affecting all versions from 11.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Single Sign On restrictions were not correctly enforced for indirect project members accessing public members-only project repositori...
CVE-2023-3115 Incorrect User Management in GitLab
An issue has been discovered in GitLab EE affecting all versions from 11.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Single Sign On restrictions were not correctly enforced for indirect project members accessing public members-only project repositori...
GitLab 11.11 < 16.2.8 / 16.3 < 16.3.5 / 16.4 < 16.4.1 (CVE-2023-3115)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab EE affecting all versions from 11.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Single Sign On restrictions were not...