10 matches found
CVE-2025-68157
Webpack is a module bundler. From version 5.49.0 to before 5.104.0, when experiments.buildHttp is enabled, webpack’s HTTPS resolver HttpUriPlugin enforces allowedUris only for the initial URL, but does not re-validate allowedUris after following HTTP 30x redirects. As a result, an import that...
CVE-2025-68157
Webpack is a module bundler. From version 5.49.0 to before 5.104.0, when experiments.buildHttp is enabled, webpack’s HTTPS resolver HttpUriPlugin enforces allowedUris only for the initial URL, but does not re-validate allowedUris after following HTTP 30x redirects. As a result, an import that...
SUSE CVE-2024-52867
guix-daemon in GNU Guix before 5ab3c4c allows privilege escalation because build outputs are accessible by local users before file metadata concerns e.g., for setuid and setgid programs are properly addressed. The vulnerability can be remediated within the product via certain pull, reconfigure, a...
CVE-2024-52867
guix-daemon in GNU Guix before 5ab3c4c allows privilege escalation because build outputs are accessible by local users before file metadata concerns e.g., for setuid and setgid programs are properly addressed. The vulnerability can be remediated within the product via certain pull, reconfigure, a...
GNU Guix 安全漏洞
Gnu Guix is an open source, cross-platform package manager for the GNU community. Gnu Guix suffers from an elevation of privilege vulnerability that stems from allowing privilege escalation, where a local user can access the build output. No details of the vulnerability are provided at this time...
CVE-2024-52867
guix-daemon in GNU Guix before 5ab3c4c allows privilege escalation because build outputs are accessible by local users before file metadata concerns e.g., for setuid and setgid programs are properly addressed. The vulnerability can be remediated within the product via certain pull, reconfigure, a...
CVE-2024-52867
guix-daemon in GNU Guix before 5ab3c4c allows privilege escalation because build outputs are accessible by local users before file metadata concerns e.g., for setuid and setgid programs are properly addressed. The vulnerability can be remediated within the product via certain pull, reconfigure, a...
CVE-2024-52867
Summary: CVE-2024-52867 affects GNU Guix, specifically the guix-daemon prior to 5ab3c4c. Local users can escalate privileges because build outputs may be accessible before file metadata concerns for setuid/setgid programs are addressed. Affected component: guix-daemon (GNU Guix) before the refere...
CVE-2024-52867
guix-daemon in GNU Guix before 5ab3c4c allows privilege escalation because build outputs are accessible by local users before file metadata concerns e.g., for setuid and setgid programs are properly addressed. The vulnerability can be remediated within the product via certain pull, reconfigure, a...
PT-2024-35469 · Gnu Guix · Gnu Guix
Name of the Vulnerable Software and Affected Versions: GNU Guix versions before 5ab3c4c Description: A privilege escalation issue exists because build outputs are accessible by local users before file metadata concerns, such as for setuid and setgid programs, are properly addressed. This issue ca...