7821 matches found
Design/Logic Flaw
nonebot2 is a cross-platform Python asynchronous chatbot framework written in Python. This security advisory pertains to a potential information leak (e.g., environment variables) in instances where developers utilize MessageTemplate and incorporate user-provided data into templates. The identified...
CVE-2024-21624 Potential Information Leak in User-Constructed Message Templates in nonebot2
nonebot2 is a cross-platform Python asynchronous chatbot framework written in Python. This security advisory pertains to a potential information leak (e.g., environment variables) in instances where developers utilize MessageTemplate and incorporate user-provided data into templates. The identified...
NoneBot Potential Information Leak in User-Constructed Message Templates
Impact This security advisory pertains to a potential information leak (e.g., environment variables) in instances where developers utilize MessageTemplate and incorporate user-provided data into templates. Patches The identified vulnerability has been remedied in fix 2509 and will be included in...
GHSA-59J8-776V-XXXG NoneBot Potential Information Leak in User-Constructed Message Templates
Impact This security advisory pertains to a potential information leak (e.g., environment variables) in instances where developers utilize MessageTemplate and incorporate user-provided data into templates. Patches The identified vulnerability has been remedied in fix 2509 and will be included in...
PT-2024-18976 · Nonebot2 · Nonebot2
Name of the Vulnerable Software and Affected Versions: nonebot2 versions prior to 2.2.0 Description: This issue pertains to a potential information leak, such as environment variables, when developers use MessageTemplate and incorporate user-provided data into templates. The estimated number of...
CentOS 8 : sudo (CESA-2023:0284)
The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2023:0284 advisory. - In Sudo before 1.9.12p2, the sudoedit aka -e feature mishandles extra arguments passed in the user-provided environment variables SUDOEDITOR, VISUAL, and...
CVE-2024-24939
In JetBrains Rider before 2023.3.3 logging of environment variables containing secret values was possible...
Design/Logic Flaw
In JetBrains Rider before 2023.3.3 logging of environment variables containing secret values was possible...
CVE-2024-24939
In JetBrains Rider, prior to version 2023.3.3, the product could log environment variables that contained secret values. This was reported across multiple sources (NVD, Red Hat, PRION/PTSecurity and others), with the common root cause described as inadequate handling/logging of sensitive environm...
JetBrains Rider Security Vulnerability
JetBrains Rider is a cross-platform .NET integrated development environment (IDE) from the Czech company JetBrains. A security vulnerability exists in JetBrains Rider prior to version 2023.3.3, which stems from the ability to log environment variables containing secret values...
PT-2024-2900 · Jetbrains · Jetbrains Rider
Name of the Vulnerable Software and Affected Versions: JetBrains Rider versions prior to 2023.3.3 Description: The issue is related to insufficient protection of registration data, which may allow an attacker to disclose protected information. Specifically, in JetBrains Rider, logging of...
Sensitive Information Disclosure
github.com/apache/servicecomb-service-center is vulnerable to Sensitive Information Disclosure. The vulnerability allows an attacker to query all environment variables, resulting in Information Disclosure...
containerd environment variable leak
Impact Containers launched through containerd's CRI implementation through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service that share the same image may receive incorrect environment variables, including values that are defined for other containers. If t...
GHSA-6G2Q-W5J3-FWH4 containerd environment variable leak
Impact Containers launched through containerd's CRI implementation through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service that share the same image may receive incorrect environment variables, including values that are defined for other containers. If t...
CVE-2024-24572 facileManager Authenticated Variable Manipulation leading to SQL Injection
facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, the $_REQUEST global array was unsafely called inside an extract function in admin-logs.php. The PHP file fm-init.php prevents arbitrary manipulation of $_SESSION via the GET/POST parameters...
CVE-2023-44312 Apache ServiceComb Service-Center: attacker can query all environment variables of the service-center server
Exposure of Sensitive Information to an Unauthorized Actor in Apache ServiceComb Service-Center. This issue affects Apache ServiceComb Service-Center before 2.1.0 include. Users are recommended to upgrade to version 2.2.0, which fixes the issue...