Lucene search
K

5 matches found

Snyk
Snyk
added 2026/01/07 10:55 p.m.2 views

Command Injection

Overview @pnpm/npm-conf is a Get the npm config Affected versions of this package are vulnerable to Command Injection via environment variable substitution in .npmrc configuration files with tokenHelper settings. An attacker can execute arbitrary code by controlling environment variables during...

7.8CVSS7.9AI score0.00949EPSS
Exploits1References2
PyPA
PyPA
added 2023/11/24 8:15 a.m.5 views

PYSEC-2023-268

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler.The information exposed to unauthorized actors may include sensitive data such as database credentials.Users who can't upgrade to the fixed version can also set environment variable...

7.5CVSS6.7AI score0.01201EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2023/06/08 9:15 p.m.7 views

PYSEC-2023-88

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Versions prior to 3.0.2 are vulnerable to command injection via single sign-onSSO browser URL authentication. In order to exploit the...

8.8CVSS8.1AI score0.01841EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2022/11/03 12:0 a.m.5 views

PT-2022-24942 · Unknown · @Keystone-6/Core

Name of the Vulnerable Software and Affected Versions: @keystone-6/core versions 3.0.0 through 3.0.1 Description: The issue arises when NODE ENV is inlined to "development" for user code, regardless of the environment variables. This affects users who use NODE ENV to trigger security-sensitive...

9.8CVSS9.4AI score0.01486EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2022/09/02 12:0 a.m.5 views

PT-2022-4953

Name of the Vulnerable Software and Affected Versions: @next-auth/upstash-redis-adapter versions prior to 3.0.2 Description: The Upstash Redis adapter implementation did not check for both the identifier email and the token, but only checked for the identifier when verifying the token in the emai...

8.1CVSS8.2AI score0.006EPSS
Exploits0References11
Rows per page
Query Builder