11 matches found
Malicious code in zer0onedate (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 106494bfe4420962c30d8b3989a1397d197f277079c71b8d15695c9128d72399 On npm install, postinstall.js executes a chain of curl commands that read cloud instance metadata service IMDS endpoints — AWS...
MAL-2026-5535 Malicious code in zer0onedate (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 106494bfe4420962c30d8b3989a1397d197f277079c71b8d15695c9128d72399 On npm install, postinstall.js executes a chain of curl commands that read cloud instance metadata service IMDS endpoints — AWS...
BIT-GRAFANA-PYROSCOPE-2025-41118 Sensitive COS `SecretKey` exposed in plaintext via configuration API due to missing type protection
Pyroscope is an open-source continuous profiling database. The database supports various storage backends, including Tencent Cloud Object Storage COS. If the database is configured to use Tencent COS as the storage backend, an attacker could extract the secretkey configuration value from the...
[SECURITY] Fedora 44 Update: rust-reqsign-0.20.0-1.fc44
Signing HTTP requests for AWS, Azure, Google, Huawei, Aliyun, Tencent and Oracle services...
Exposure of Storage Secret in Pyroscope
Pyroscope is an open-source continuous profiling database. The database supports various storage backends, including Tencent Cloud Object Storage COS. If the database is configured to use Tencent COS as the storage backend, an attacker could extract the secretkey configuration value from the...
PT-2026-3780
Name of the Vulnerable Software and Affected Versions Pyroscope versions prior to 1.15.2 Pyroscope versions prior to 1.16.1 Description When configured to use Tencent Cloud Object Storage COS as the storage backend, the Pyroscope API may expose the secret key configuration value. An attacker with...
[SECURITY] Fedora 41 Update: rust-reqsign-0.18.1-1.fc41
Signing HTTP requests for AWS, Azure, Google, Huawei, Aliyun, Tencent and Oracle services...
[SECURITY] Fedora 43 Update: rust-reqsign-0.18.1-1.fc43
Signing HTTP requests for AWS, Azure, Google, Huawei, Aliyun, Tencent and Oracle services...
[SECURITY] Fedora 43 Update: rust-reqsign-0.18.0-1.fc43
Signing HTTP requests for AWS, Azure, Google, Huawei, Aliyun, Tencent and Oracle services...
[SECURITY] Fedora 42 Update: rust-reqsign-0.18.0-1.fc42
Signing HTTP requests for AWS, Azure, Google, Huawei, Aliyun, Tencent and Oracle services...
[SECURITY] Fedora 41 Update: rust-reqsign-0.18.0-1.fc41
Signing HTTP requests for AWS, Azure, Google, Huawei, Aliyun, Tencent and Oracle services...