
772 matches found

OSV
added 2024/10/01 2:58 p.m. · 23 views

CVE-2024-41673 Decidim has a cross-site scripting vulnerability in the version control page

Decidim is a participatory democracy framework. The version control feature used in resources is subject to potential XSS attack through a malformed URL. This vulnerability is fixed in 0.27.8...

CVSS 7.1 · AI score 6 · EPSS 0.00394
Exploits 0 · References 4
Positive Technologies
added 2024/10/01 12:00 a.m. · 2 views

PT-2024-29498 · Decidim · Decidim

Name of the Vulnerable Software and Affected Versions: Decidim versions prior to 0.27.8. Description: The version control feature in Decidim is subject to a potential cross-site scripting (XSS) attack through a malformed URL. This issue was discovered during a security audit organized by Open Source...

CVSS 7.1 · AI score 6.2 · EPSS 0.00394
Exploits 0 · References 13
CNNVD
added 2024/10/01 12:00 a.m. · 4 views

Decidim cross-site scripting vulnerability

Decidim is an open source participatory democracy framework from Decidim, written in Ruby on Rails. A cross-site scripting vulnerability exists in Decidim versions 0.27.7 and earlier, which stems from the use of version control functionality that may be vulnerable to cross-site scripting (XSS)...

CVSS 7.1 · AI score 5.9 · EPSS 0.00394
Exploits 0 · References 3
RubySec
added 2024/10/01 12:00 a.m. · 18 views

Decidim has a cross-site scripting vulnerability in the version control page

Impact: The version control feature used in resources is subject to a potential cross-site scripting (XSS) attack through a malformed URL. Workarounds: Not available. References: OWASP ASVS v4.0.3-5.1.3. Credits: This issue was discovered in a security audit organized by Open Source Politics against Decidi...

CVSS 7.1 · AI score 6.1 · EPSS 0.00394
Exploits 0 · References 1 · Affected Software 1
Github Security Blog
added 2024/09/17 5:55 p.m. · 19 views

Sentry improperly authorizes muting of alert rules

Impact: An authenticated user can mute alert rules from arbitrary organizations and projects given a known rule ID. The user does not need to be a member of the organization or have permissions on the project. In our review, we have identified no instances where alerts have been muted by...

CVSS 7.1 · AI score 5.8 · EPSS 0.00348
Exploits 0 · References 6 · Affected Software 1
Github Security Blog
added 2024/07/31 8:59 p.m. · 12 views

ZITADEL has improper HTML sanitization in emails and Console UI

Impact: ZITADEL uses HTML for emails and renders certain information such as usernames dynamically. That information can be entered by users or administrators. Due to a missing output sanitization, these emails could include malicious code. This may potentially lead to a threat where an attacker,...

CVSS 6.1 · AI score 6.5 · EPSS 0.00608
Exploits 0 · References 18 · Affected Software 1
Redos
added 2024/07/30 12:00 a.m. · 20 views

ROS-20240730-06

A vulnerability in the Git distributed version control system is related to the ability to create the folder "C:.git." Exploitation of the vulnerability could allow an attacker to run arbitrary commands...

CVSS 7.8 · AI score 7.3 · EPSS 0.00435
Exploits 0
NVD
added 2024/07/02 2:15 p.m. · 14 views

CVE-2024-38519

yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to the fixed versions, yt-dlp and youtube-dl do not limit the extensions of downloaded files, which could lead to arbitrary filenames being created in the download folder and path traversal on Windows. Since yt-dlp and youtube-...

CVSS 7.8 · EPSS 0.00311
Exploits 0 · References 8
BDU FSTEC
added 2024/06/28 12:00 a.m. · 1 view

The vulnerability of the Branch Name Handler component of the PHP Composer dependency manager allows an attacker to execute arbitrary commands.

The vulnerability of the Branch Name Handler component in the PHP Composer dependency manager is related to the use of the composer install command executed within the git/hg repository. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 10 · AI score 8 · EPSS 0.03255
Exploits 0 · References 10 · Affected Software 4
OSV
added 2024/06/10 5:08 p.m. · 13 views

CGA-H5MH-GQ4V-54J6

Bulletin has no description...

CVSS 7.5 · AI score 7.7 · EPSS 0.00753
Exploits 0
CNNVD
added 2024/06/10 12:00 a.m. · 3 views

composer security vulnerability

composer is a software application. It provides a statement to manage and install dependencies for PHP projects. A security vulnerability exists in composer versions prior to 2.2.24 and 2.7.7, which stems from the fact that the composer install command run from a git/hg repository with a speciall...

CVSS 8.8 · AI score 6.9 · EPSS 0.03255
Exploits 0 · References 7
OSV
added 2024/06/06 12:25 p.m. · 13 views

CGA-GCX2-V78G-8R3P

Bulletin has no description...

CVSS 7.5 · AI score 7.7 · EPSS 0.03796
Exploits 0
Redos
added 2024/05/27 12:00 a.m. · 33 views

ROS-20240527-04

A vulnerability in the Git distributed version control system exists due to a process control issue. Exploitation of the vulnerability could allow an attacker to execute arbitrary code when cloning specially crafted local repositories. A vulnerability in the Git distributed version control system ...

CVSS 8.1 · AI score 7.9 · EPSS 0.01271
Exploits 2
Tenable Nessus
added 2024/05/17 12:00 a.m. · 23 views

GitLab 10.2 < 13.3.9 / 13.4 < 13.4.5 / 13.5 < 13.5.2 (CVE-2020-13352)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Private group info is leaked in GitLab CE/EE version 10.2 and above, when the project is moved from a private to a public group. Affected versions are: =10.2, =13.4, =13.5, =10.2, =13.4, =13.5,...

CVSS 5.3 · AI score 5.7 · EPSS 0.0121
Exploits 0 · References 4
NVD
added 2024/04/26 9:15 a.m. · 22 views

CVE-2024-4183

Mattermost versions 8.1.x before 8.1.12, 9.6.x before 9.6.1, 9.5.x before 9.5.3, 9.4.x before 9.4.5 fail to limit the number of active sessions, which allows an authenticated attacker to crash the server via repeated requests to the getSessions API after flooding the sessions table...

CVSS 6.5 · AI score 4.5 · EPSS 0.00611
Exploits 0 · References 1
CBLMariner
added 2024/04/17 10:02 p.m. · 14 views

CVE-2024-30204 affecting package emacs for versions less than 29.3

CVE-2024-30204 affecting package emacs for versions less than 29.3. A patched version of the package is available...

CVSS 2.8 · AI score 5.2 · EPSS 0.00475
Exploits 0
Fedora
added 2024/03/29 12:21 a.m. · 23 views

[SECURITY] Fedora 40 Update: gitit-0.15.1.1-6.fc40

Gitit is a wiki backed by a git, darcs, or mercurial filestore. Pages and uploaded files can be modified either directly via the VCS's command-line tools or through the wiki's web interface. Pandoc is used for markup processing, so pages may be written in extended markdown, reStructuredText,...

CVSS 6.3 · AI score 5.9 · EPSS 0.00349
Exploits 1
Wiz blog
added 2024/03/28 4:55 p.m. · 10 views

Security Posture Management for GitHub: spotting and fixing risks in your GitHub organization just got a lot easier

Wiz SPM for version control systems helps you find and fix risks in your GitHub instance...

AI score 7.3
Exploits 0
vulnersOsv
added 2024/03/26 1:50 a.m. · 0 views

nautobot-chatops (>=1.6.0 <=1.7.1), nautobot-chatops-arista-cloudvision (>=1.0.1 <=1.3.0) +7 more potentially affected by CVE-2024-29199 via nautobot (>=1.0.3 <=1.5.16)

nautobot PYPI version =1.0.3, =1.6.0, =1.0.1, =1.1.0, =0.9.2, =1.5.0, =0.9.0, =0.1.0, =0.1.0, =0.2.0 Source cves: CVE-2024-29199 Source advisory: OSV:GHSA-M732-WVH2-7CQ4...

CVSS 5.3 · AI score 5.8 · EPSS 0.00628
Exploits 0
OpenVAS
added 2024/03/08 12:00 a.m. · 13 views

Fedora: Security Advisory for jgit (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the jgit package. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 8.8 · AI score 9.2 · EPSS 0.02557
Exploits 3 · References 2