Lucene search
K

12 matches found

Github Security Blog
Github Security Blog
added 2026/05/21 8:47 p.m.22 views

@hulumi/policies: Stack-wide evidence bypassed Cloudflare and deployment-governance guardrails

Impact: @hulumi/policies versions before 1.3.2 used stack-wide evidence shortcuts in several Cloudflare and deployment-governance validators. Unrelated compliant-looking evidence could suppress violations for different zones, hostnames, origins, or repositories in the same stack. Patched in 1.3.2...

5.8AI score
Exploits0References2Affected Software1
OSV
OSV
added 2026/05/21 8:45 p.m.5 views

GHSA-Q2F7-M237-V562 @hulumi/policies: GitHub OIDC trust policy bypass via AWS set-qualified condition operators

Impact: @hulumi/policies versions before 1.3.2 only checked exact AWS IAM StringLike/StringEquals condition operator keys in GOIDC1. Set-qualified operators such as ForAnyValue:StringLike could hide wildcard GitHub Actions OIDC sub conditions from the mandatory guardrail. Patched in 1.3.2: the AW...

9.3CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2025/10/09 10:15 p.m.3 views

GHSA-Q5R6-9QWQ-G2WJ Amazon.IonDotnet is vulnerable to Denial of Service attacks

Summary Amazon.IonDotnet is a library for the Dotnet language that is used to read and write Amazon Ion data. An issue exists where, under certain circumstances, the library could an infinite loop, resulting in denial of service. As of August 20, 2025, this library has been deprecated and will no...

8.7CVSS7AI score0.00403EPSS
Exploits0References7
NVD
NVD
added 2025/10/09 6:15 p.m.7 views

CVE-2025-11573

An infinite loop issue in Amazon.IonDotnet library versions v1.3.2 may allow a threat actor to cause a denial of service through a specially crafted text input. To mitigate this issue, users should upgrade to version v1.3.2. As of August 20, 2025, this library has been deprecated and will not...

8.7CVSS0.00403EPSS
Exploits0References3
CVE
CVE
added 2025/10/09 5:48 p.m.20 views

CVE-2025-11573

CVE-2025-11573 affects Amazon.IonDotnet library. Versions earlier than 1.3.2 are vulnerable to an infinite loop triggered by specially crafted text input, leading to denial of service. Remediation is to upgrade to 1.3.2 or higher; the library has been deprecated as of 2025-08-20 and will not rece...

8.7CVSS6.4AI score0.00403EPSS
Exploits0References3
PyPA
PyPA
added 2023/09/29 9:14 p.m.14 views

PYSEC-2023-182

opencv-contrib-python-headless versions before v4.8.1.78 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863. opencv-contrib-python-headless v4.8.1.78 upgrades the bundled libwebp binary to v1.3.2...

8.8CVSS8.1AI score0.99735EPSS
Exploits9References3Affected Software1
Positive Technologies
Positive Technologies
added 2023/09/26 12:0 a.m.7 views

PT-2023-28896 · Openfga · Openfga

Name of the Vulnerable Software and Affected Versions: OpenFGA versions prior to 1.3.2 Description: OpenFGA is vulnerable to a denial of service attack when certain Check calls are executed against authorization models that contain circular relationship definitions. This can cause the server to...

5.9CVSS6.7AI score0.00751EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2023/04/10 12:0 a.m.5 views

PT-2023-21244 · Apache · Apache Linkis

Name of the Vulnerable Software and Affected Versions: Apache Linkis versions 1.3.1 and earlier Description: The issue is related to a Zip Slip problem in the Manager module engineConn material upload, which does not check the zip path. This can lead to a potential RCE vulnerability...

9.8CVSS7AI score0.01808EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2022/12/24 12:0 a.m.5 views

PT-2022-28046 · Unknown · Microweber

Name of the Vulnerable Software and Affected Versions: microweber/microweber versions prior to 1.3.2 Description: The issue concerns an unrestricted upload of files with dangerous types. There is no information provided about the estimated number of potentially affected devices worldwide or detai...

7.2CVSS4.9AI score0.38236EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2022/09/20 12:0 a.m.3 views

PT-2022-21312 · Unknown · Microweber

Name of the Vulnerable Software and Affected Versions: microweber/microweber versions prior to 1.3.2 Description: The issue concerns code injection in the microweber/microweber GitHub repository. It is also described as an HTML injection vulnerability that can be exploited by an attacker to...

6.1CVSS4.8AI score0.01395EPSS
Exploits1References8
OSV
OSV
added 2020/09/03 7:3 p.m.2 views

GHSA-7R5F-7QR4-PF6Q Sandbox Breakout / Arbitrary Code Execution in notevil

Versions of notevil prior to 1.3.2 are vulnerable to Sandbox Escape leading to Remote Code Execution. The package fails to prevent access to the Function constructor by not checking the return values of function calls. This allows attackers to access the Function prototype's constructor leading t...

6AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2019/09/09 12:0 a.m.6 views

PT-2019-10437 · WordPress · Cf7-Invisible-Recaptcha

Name of the Vulnerable Software and Affected Versions: cf7-invisible-recaptcha plugin versions prior to 1.3.2 for WordPress Description: The issue is related to a Cross-Site Scripting XSS problem. XSS is a type of security vulnerability that allows an attacker to inject malicious scripts into a...

6.1CVSS5.8AI score0.00916EPSS
Exploits0References5
Rows per page
Query Builder