3 matches found
GHSA-5VJQ-5JMG-39XQ Renovate affected by remote code execution was possible using the bazel-module or bazelisk managers, when using lockFileMaintenance
When using lockFileMaintenance using the bazel-module or bazelisk managers between Renovate 43.65.0 2026-03-12 and 43.102.11 2026-04-02, there was the opportunity for remote code execution from a malicious dependency, if the Bazel module executes code that relies on a dependency. As this is an...
Code Execution
Overview renovate is a dependency updater. Affected versions of this package are vulnerable to Code Execution in the via lockfile maintenance in bazel-module/lockfile.ts, used by bazel-module and bazelisk. An attacker can execute arbitrary code by introducing a malicious dependency that is...
Renovate affected by remote code execution was possible using the bazel-module or bazelisk managers, when using lockFileMaintenance
When using lockFileMaintenance using the bazel-module or bazelisk managers between Renovate 43.65.0 2026-03-12 and 43.102.11 2026-04-02, there was the opportunity for remote code execution from a malicious dependency, if the Bazel module executes code that relies on a dependency. As this is an...