5 matches found
PT-2026-1013
Name of the Vulnerable Software and Affected Versions cpp-httplib versions prior to 0.30.0 Description The write headers function in cpp-httplib does not properly validate user-supplied headers, specifically failing to check for carriage return CR and line feed LF characters. This allows attacker...
SUSE CVE-2024-53848
check-jsonschema is a CLI and set of pre-commit hooks for jsonschema validation. The default cache strategy uses the basename of a remote schema as the name of the file in the cache, e.g. https://example.org/schema.json will be stored as schema.json. This naming allows for conflicts. If an attack...
Acceptance of Extraneous Untrusted Data With Trusted Data
Overview check-jsonschema is an A jsonschema CLI and pre-commit hook Affected versions of this package are vulnerable to Acceptance of Extraneous Untrusted Data With Trusted Data via the default caching mechanism for remote schemas. An attacker can manipulate the cache to insert a malicious schem...
SUSE CVE-2024-52009
Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. Atlantis logs contains GitHub credentials tokens ghs... when they are rotated. This enables an attacker able to read these logs to impersonate Atlantis application and to perform actions on...
PYSEC-2021-321
Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.26.0 and before version 0.30.0 is affected by a memory unsoundness vulnerability. There was an invalid free and out-of-bounds read and write bug when running Wasm that uses externrefs in Wasmtime. To trigger thi...