PT-2025-49562

ParsedReport ChatGPT Translated Autotext: TI Report Analyser + ChatGPT + Auto Translate ------ В статье подробно описывается методология команды Sekoia по обнаружению угроз и исследованию для автоматизации извлечения конфигурации вредоносного ПО, уделяя особое внимание вредоносному ПО, написанном...

EUVD-2025-24028

Malicious code in bioql PyPI...

CVE-2025-55013

The Assemblyline 4 Service Client interfaces with the API to fetch tasks and publish the result for a service in Assemblyline 4. In versions below 4.6.1.dev138, the Assemblyline 4 Service Client taskhandler.py accepts a SHA-256 value returned by the service server and uses it directly as a local...

CVE-2025-55013

The Assemblyline 4 Service Client interfaces with the API to fetch tasks and publish the result for a service in Assemblyline 4. In versions below 4.6.1.dev138, the Assemblyline 4 Service Client taskhandler.py accepts a SHA-256 value returned by the service server and uses it directly as a local...

CVE-2025-55013 Assemblyline 4 Service Client: Arbitrary Write through path traversal in Client code

The Assemblyline 4 Service Client interfaces with the API to fetch tasks and publish the result for a service in Assemblyline 4. In versions below 4.6.1.dev138, the Assemblyline 4 Service Client taskhandler.py accepts a SHA-256 value returned by the service server and uses it directly as a local...

CVE-2025-55013 Assemblyline 4 Service Client: Arbitrary Write through path traversal in Client code

The Assemblyline 4 Service Client interfaces with the API to fetch tasks and publish the result for a service in Assemblyline 4. In versions below 4.6.1.dev138, the Assemblyline 4 Service Client taskhandler.py accepts a SHA-256 value returned by the service server and uses it directly as a local...

CVE-2025-55013

The CVE-2025-55013 issue affects Assemblyline 4 Service Client. The task_handler.py component accepts a SHA-256 value from the server and uses it directly as a local filename, enabling a path traversal when the server (or a MITM) returns a payload like ../../../etc/cron.d/evil. This can cause the...

CVE-2025-55013 Assemblyline 4 Service Client: Arbitrary Write through path traversal in Client code

The Assemblyline 4 Service Client interfaces with the API to fetch tasks and publish the result for a service in Assemblyline 4. In versions below 4.6.1.dev138, the Assemblyline 4 Service Client taskhandler.py accepts a SHA-256 value returned by the service server and uses it directly as a local...

Assemblyline 4 Service Client 安全漏洞

Assemblyline 4 Service Client is a Canadian Centre for Cyber Security open source service client for publishing service results in Assemblyline 4. A security vulnerability exists in Assemblyline 4 Service Client versions prior to 4.6.1.dev138, which stems from the direct use of SHA-256 values...

Arbitrary File Write

assemblyline-service-client is vulnerable to Arbitrary File Write. The vulnerability is due to insufficient validation of file paths, allowing attackers to write files outside the intended directory...

Relative Path Traversal

Overview assemblyline-service-client is an Assemblyline 4 - Service client Affected versions of this package are vulnerable to Relative Path Traversal via the downloadfile function in the taskhandler.py. An attacker can overwrite arbitrary files, corrupt system files, or potentially execute code ...

GHSA-75JV-VFXF-3865 Assemblyline 4 service client vulnerable to Arbitrary Write through path traversal in Client code

Path-Traversal - Arbitrary File Write in Assemblyline Service Client IMPORTANT: This vulnerability is valid if you decide to use the assemblyline-service-client outside of the normal practice to using Assemblyline in a production environment. In practice, this code should always be executed withi...

Assemblyline 4 service client vulnerable to Arbitrary Write through path traversal in Client code

Path-Traversal - Arbitrary File Write in Assemblyline Service Client IMPORTANT: This vulnerability is valid if you decide to use the assemblyline-service-client outside of the normal practice to using Assemblyline in a production environment. In practice, this code should always be executed withi...

PT-2025-31837 · Pypi · Assemblyline-Service-Client

Path-Traversal - Arbitrary File Write in Assemblyline Service Client IMPORTANT: This vulnerability is valid if you decide to use the assemblyline-service-client outside of the normal practice to using Assemblyline in a production environment. In practice, this code should always be executed withi...

PT-2025-32425 · Unknown · Assemblyline

Name of the Vulnerable Software and Affected Versions: Assemblyline versions prior to 4.6.1.dev138 Description: The Assemblyline 4 Service Client interfaces with the API to fetch tasks and publish the result for a service in Assemblyline 4. The client accepts a SHA-256 value returned by the servi...

Malicious code in assemblyline_ruby (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

MAL-2024-6698 Malicious code in assemblyline_ruby (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in assemblyline_cli (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

ai.ylyue:yue-library-webflux (=j11.2.6.0), ca.gc.cyber.ops:assemblyline-java-client (>=1.7 <=1.8) +544 more potentially affected by CVE-2022-22965 via org.springframework.boot:spring-boot-starter-webflux (>=2.6.0 <=2.6.5)

org.springframework.boot:spring-boot-starter-webflux MAVEN version =2.6.0, =1.7, =3.1.305, =3.1.305, =3.1.305, =3.1.305, =3.1.305, =0.2.2, =1.1.3, =1.1.3, =3.12.0, =5.1.1-jdk1.8, =5.1.1-jdk1.8, =5.1.2-jdk1.8 and more Source cves: CVE-2022-22965 Source advisory: OSV:GHSA-36P3-WJMG-H94X...