5 matches found
Command Injection
Overview @pnpm/npm-conf is a Get the npm config Affected versions of this package are vulnerable to Command Injection via environment variable substitution in .npmrc configuration files with tokenHelper settings. An attacker can execute arbitrary code by controlling environment variables during...
PYSEC-2023-268
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler.The information exposed to unauthorized actors may include sensitive data such as database credentials.Users who can't upgrade to the fixed version can also set environment variable...
PYSEC-2023-88
The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Versions prior to 3.0.2 are vulnerable to command injection via single sign-onSSO browser URL authentication. In order to exploit the...
PT-2022-24942 · Unknown · @Keystone-6/Core
Name of the Vulnerable Software and Affected Versions: @keystone-6/core versions 3.0.0 through 3.0.1 Description: The issue arises when NODE ENV is inlined to "development" for user code, regardless of the environment variables. This affects users who use NODE ENV to trigger security-sensitive...
PT-2022-4953
Name of the Vulnerable Software and Affected Versions: @next-auth/upstash-redis-adapter versions prior to 3.0.2 Description: The Upstash Redis adapter implementation did not check for both the identifier email and the token, but only checked for the identifier when verifying the token in the emai...