7830 matches found
Variable Injection
zx is vulnerable to Variable Injection. The vulnerability is due to improper handling of environment variables due to the ability of an attacker to inject unintended values into process.env, potentially leading to arbitrary command execution or unexpected behavior in security-sensitive applicatio...
GHSA-QWP8-X4FF-5H87 ZX Allows Environment Variable Injection for dotenv API
Impact This vulnerability is an Environment Variable Injection issue in dotenv.stringify, affecting google/zx version 8.3.1. An attacker with control over environment variable values can inject unintended environment variables into process.env. This can lead to arbitrary command execution or...
CVE-2025-24959
zx is a tool for writing better scripts. An attacker with control over environment variable values can inject unintended environment variables into process.env. This can lead to arbitrary command execution or unexpected behavior in applications that rely on environment variables for...
UBUNTU-CVE-2025-24959
zx is a tool for writing better scripts. An attacker with control over environment variable values can inject unintended environment variables into process.env. This can lead to arbitrary command execution or unexpected behavior in applications that rely on environment variables for...
CVE-2025-24959 Environment Variable Injection for dotenv API in zx
zx is a tool for writing better scripts. An attacker with control over environment variable values can inject unintended environment variables into process.env. This can lead to arbitrary command execution or unexpected behavior in applications that rely on environment variables for...
PT-2025-5603 · Zx +1 · Zx +1
Name of the Vulnerable Software and Affected Versions: zx versions prior to 8.3.2 Description: An attacker with control over environment variable values can inject unintended environment variables into process.env. This can lead to arbitrary command execution or unexpected behavior in application...
Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to CVE-2024-10979
Summary IBM Sterling Connect:Direct Web Service uses PostgreSQL, Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables e.g. PATH. Vulnerability Details CVEID:CVE-2024-10979 DESCRIPTION: Incorrect...
BIT-GITLAB-2024-11931 Insufficient Granularity of Access Control in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.6.4, from 17.7 prior to 17.7.3, and from 17.8 prior to 17.8.1. Under certain conditions, it may have been possible for users with developer role to exfiltrate protected CI variables via CI lint...
CVE-2024-54536
The issue was addressed with improved validation of environment variables. This issue is fixed in macOS Sequoia 15.2. An app may be able to edit NVRAM variables...
CVE-2024-54536
The issue was addressed with improved validation of environment variables. This issue is fixed in macOS Sequoia 15.2. An app may be able to edit NVRAM variables...
CVE-2024-54536
The issue was addressed with improved validation of environment variables. This issue is fixed in macOS Sequoia 15.2. An app may be able to edit NVRAM variables...
CVE-2024-54536
The issue was addressed with improved validation of environment variables. This issue is fixed in macOS Sequoia 15.2. An app may be able to edit NVRAM variables...
Malicious code in getpublicip (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 041ba7130d1460fe6480d062c61c78db3b88cc5c6d060913d0501fdbdc7c35b0 If installed using source package, the package collects selected environment variables, including GITHUBTOKEN if set, and sends to an external service. The...
MAL-2025-191738 Malicious code in getpublicip (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 041ba7130d1460fe6480d062c61c78db3b88cc5c6d060913d0501fdbdc7c35b0 If installed using source package, the package collects selected environment variables, including GITHUBTOKEN if set, and sends to an external service. The...
GHSA-VQF5-2XX6-9WFM GitHub PAT written to debug artifacts
Impact summary In some circumstances, debug artifacts uploaded by the CodeQL Action after a failed code scanning workflow run may contain the environment variables from the workflow run, including any secrets that were exposed as environment variables to the workflow. Users with read access to th...
GitHub PAT written to debug artifacts
Impact summary In some circumstances, debug artifacts uploaded by the CodeQL Action after a failed code scanning workflow run may contain the environment variables from the workflow run, including any secrets that were exposed as environment variables to the workflow. Users with read access to th...
CVE-2025-24362
In some circumstances, debug artifacts uploaded by the CodeQL Action after a failed code scanning workflow run may contain the environment variables from the workflow run, including any secrets that were exposed as environment variables to the workflow. Users with read access to the repository...
CVE-2025-24362
CVE-2025-24362 concerns CodeQL Action when debug artifacts are enabled. In certain failed CodeQL analyses on Java/Kotlin repos, the uploaded debug artifacts could contain environment variables from the workflow run, including secrets such as the GITHUB_TOKEN. The token could be valid for the dura...
CVE-2025-24362 CodeQL GitHub Action failed workflow writes GitHub PAT to debug artifacts
In some circumstances, debug artifacts uploaded by the CodeQL Action after a failed code scanning workflow run may contain the environment variables from the workflow run, including any secrets that were exposed as environment variables to the workflow. Users with read access to the repository...
CVE-2025-24362 CodeQL GitHub Action failed workflow writes GitHub PAT to debug artifacts
In some circumstances, debug artifacts uploaded by the CodeQL Action after a failed code scanning workflow run may contain the environment variables from the workflow run, including any secrets that were exposed as environment variables to the workflow. Users with read access to the repository...