10 matches found

RedhatCVE
added 2025/05/22 9:19 p.m. | 6 views

CVE-2021-32724

check-spelling is a GitHub Action which provides CI spell checking. In affected versions and for a repository with the check-spelling action enabled that triggers on pull_request_target or schedule, an attacker can send a crafted Pull Request that causes a GITHUB_TOKEN to be exposed. With the...

9.9 CVSS | 6.8 AI score | 0.00324 EPSS
Exploits: 0 | References: 1
OSV
added 2022/07/29 7:56 p.m. | 17 views

GHSA-G86G-CHM8-7R2P check-spelling workflow vulnerable to token leakage via symlink attack

Impact: For a repository with the check-spelling action enabled that triggers on pull_request_target or schedule, an attacker can send a crafted Pull Request that causes a GITHUB_TOKEN to be exposed. With the GITHUB_TOKEN, it's possible to push commits to the repository bypassing standard approval...

9.6 CVSS | 9.5 AI score | 0.00324 EPSS
Exploits: 0 | References: 5
NVD
added 2021/09/09 9:15 p.m. | 10 views

CVE-2021-32724

check-spelling is a GitHub Action which provides CI spell checking. In affected versions and for a repository with the check-spelling action enabled that triggers on pull_request_target or schedule, an attacker can send a crafted Pull Request that causes a GITHUB_TOKEN to be exposed. With the...

9.9 CVSS | 0.00324 EPSS
Exploits: 0 | References: 2
OSV
added 2021/09/09 9:15 p.m. | 11 views

CVE-2021-32724

check-spelling is a GitHub Action which provides CI spell checking. In affected versions and for a repository with the check-spelling action enabled that triggers on pull_request_target or schedule, an attacker can send a crafted Pull Request that causes a GITHUB_TOKEN to be exposed. With the...

9.9 CVSS | 6.8 AI score
Exploits: 0 | References: 2
Prion
added 2021/09/09 9:15 p.m. | 9 views

Design/Logic Flaw

check-spelling is a GitHub Action which provides CI spell checking. In affected versions and for a repository with the check-spelling action enabled that triggers on pull_request_target or schedule, an attacker can send a crafted Pull Request that causes a GITHUB_TOKEN to be exposed. With the...

6.8 CVSS | 9.4 AI score | 0.00324 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2021/09/09 9:00 p.m. | 56 views

CVE-2021-32724

CVE-2021-32724 affects the GitHub Action check-spelling (check-spelling/check-spelling). In workflows that run on pull_request_target or schedule, a crafted PR can cause exposure of the GITHUB_TOKEN, enabling the attacker to push commits with repository-level access and potentially exfiltrate sec...

9.9 CVSS | 9.5 AI score | 0.00324 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2021/09/09 9:00 p.m. | 16 views

CVE-2021-32724 check-spelling workflow vulnerable to GITHUB_TOKEN leakage via symlink attack

check-spelling is a GitHub Action which provides CI spell checking. In affected versions and for a repository with the check-spelling action enabled that triggers on pull_request_target or schedule, an attacker can send a crafted Pull Request that causes a GITHUB_TOKEN to be exposed. With the...

9.9 CVSS | 9.7 AI score | 0.00324 EPSS
Exploits: 0 | References: 2
CNNVD
added 2021/09/09 12:00 a.m. | 1 views

check-spelling log information disclosure vulnerability

check-spelling is a spell checker. check-spelling suffers from a log information disclosure vulnerability that allows an attacker to bypass the standard approval process to push commits to the repository; commits to the repository can then steal any/all secrets available to the repository...

9.9 CVSS | 8.3 AI score | 0.00324 EPSS
Exploits: 0 | References: 3
Cvelist
added 2005/11/28 11:00 p.m. | 15 views

CVE-2004-2585

Cross-site scripting (XSS) vulnerability in frmCompose.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to inject arbitrary web script or HTML via JavaScript to the "check spelling" feature in the compose area...

5.7 AI score | 0.00675 EPSS
Exploits: 1 | References: 7
CVE
added 2005/11/28 11:00 p.m. | 42 views

CVE-2004-2585

The CVE-2004-2585 entry affects SmarterTools SmarterMail 1.6.1511 and 1.6.1529, where the XSS flaw occurs in frmCompose.aspx, allowing remote attackers to inject arbitrary script/HTML via JavaScript in the compose area's “check spelling” feature. The vulnerability arises from how user-supplied in...

4.3 CVSS | 6 AI score | 0.00675 EPSS
Exploits: 1 | References: 7 | Affected Software: 1