12 matches found
@hulumi/policies: Stack-wide evidence bypassed Cloudflare and deployment-governance guardrails
Impact: @hulumi/policies versions before 1.3.2 used stack-wide evidence shortcuts in several Cloudflare and deployment-governance validators. Unrelated compliant-looking evidence could suppress violations for different zones, hostnames, origins, or repositories in the same stack. Patched in 1.3.2...
GHSA-Q2F7-M237-V562 @hulumi/policies: GitHub OIDC trust policy bypass via AWS set-qualified condition operators
Impact: @hulumi/policies versions before 1.3.2 only checked exact AWS IAM StringLike/StringEquals condition operator keys in GOIDC1. Set-qualified operators such as ForAnyValue:StringLike could hide wildcard GitHub Actions OIDC sub conditions from the mandatory guardrail. Patched in 1.3.2: the AW...
GHSA-Q5R6-9QWQ-G2WJ Amazon.IonDotnet is vulnerable to Denial of Service attacks
Summary Amazon.IonDotnet is a library for the Dotnet language that is used to read and write Amazon Ion data. An issue exists where, under certain circumstances, the library could an infinite loop, resulting in denial of service. As of August 20, 2025, this library has been deprecated and will no...
CVE-2025-11573
An infinite loop issue in Amazon.IonDotnet library versions v1.3.2 may allow a threat actor to cause a denial of service through a specially crafted text input. To mitigate this issue, users should upgrade to version v1.3.2. As of August 20, 2025, this library has been deprecated and will not...
CVE-2025-11573
CVE-2025-11573 affects Amazon.IonDotnet library. Versions earlier than 1.3.2 are vulnerable to an infinite loop triggered by specially crafted text input, leading to denial of service. Remediation is to upgrade to 1.3.2 or higher; the library has been deprecated as of 2025-08-20 and will not rece...
PYSEC-2023-182
opencv-contrib-python-headless versions before v4.8.1.78 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863. opencv-contrib-python-headless v4.8.1.78 upgrades the bundled libwebp binary to v1.3.2...
PT-2023-28896 · Openfga · Openfga
Name of the Vulnerable Software and Affected Versions: OpenFGA versions prior to 1.3.2 Description: OpenFGA is vulnerable to a denial of service attack when certain Check calls are executed against authorization models that contain circular relationship definitions. This can cause the server to...
PT-2023-21244 · Apache · Apache Linkis
Name of the Vulnerable Software and Affected Versions: Apache Linkis versions 1.3.1 and earlier Description: The issue is related to a Zip Slip problem in the Manager module engineConn material upload, which does not check the zip path. This can lead to a potential RCE vulnerability...
PT-2022-28046 · Unknown · Microweber
Name of the Vulnerable Software and Affected Versions: microweber/microweber versions prior to 1.3.2 Description: The issue concerns an unrestricted upload of files with dangerous types. There is no information provided about the estimated number of potentially affected devices worldwide or detai...
PT-2022-21312 · Unknown · Microweber
Name of the Vulnerable Software and Affected Versions: microweber/microweber versions prior to 1.3.2 Description: The issue concerns code injection in the microweber/microweber GitHub repository. It is also described as an HTML injection vulnerability that can be exploited by an attacker to...
GHSA-7R5F-7QR4-PF6Q Sandbox Breakout / Arbitrary Code Execution in notevil
Versions of notevil prior to 1.3.2 are vulnerable to Sandbox Escape leading to Remote Code Execution. The package fails to prevent access to the Function constructor by not checking the return values of function calls. This allows attackers to access the Function prototype's constructor leading t...
PT-2019-10437 · WordPress · Cf7-Invisible-Recaptcha
Name of the Vulnerable Software and Affected Versions: cf7-invisible-recaptcha plugin versions prior to 1.3.2 for WordPress Description: The issue is related to a Cross-Site Scripting XSS problem. XSS is a type of security vulnerability that allows an attacker to inject malicious scripts into a...