CVE-2022-23531
GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to 0.1.5 are vulnerable to Relative Path Traversal when scanning a specially-crafted local PyPI package. Running GuardDog against a specially-crafted package can allow an attacker to write an arbitrary file on the machine...
CVE-2022-23531 Arbitrary file write when scanning a specially-crafted local PyPI package
GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to 0.1.5 are vulnerable to Relative Path Traversal when scanning a specially-crafted local PyPI package. Running GuardDog against a specially-crafted package can allow an attacker to write an arbitrary file on the machine...
CVE-2022-23531
CVE-2022-23531 affects GuardDog (CLI to identify malicious PyPI packages). A Relative Path Traversal flaw exists in GuardDog versions prior to 0.1.5 during extraction of .tar.gz packages, allowing an attacker to write arbitrary files on the host when scanning a specially crafted local PyPI packag...
CVE-2022-23530
GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to v0.1.8 are vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package. Extracting files using shutil.unpack_archive from a potentially malicious tarball without validating that the destinati...
PYSEC-2022-42993
GuardDog is a CLI tool to identify malicious PyPI packages. Versions prior to v0.1.8 are vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package. Extracting files using shutil.unpack_archive from a potentially malicious tarball without validating that the destinati...
CVE-2022-23530
CVE-2022-23530 affects GuardDog prior to v0.1.8, where scanning a remotely fetched PyPI package could trigger arbitrary file writes. The root cause is using shutil.unpack_archive() on a crafted tarball without validating that extracted paths stay within the destination directory, allowing writes ...
AzureHound - Azure Data Exporter For BloodHound
The BloodHound data collector for Microsoft Azure. Get AzureHound. Release Binaries: Download the appropriate binary for your platform from one of our Releases. Rolling Release: The rolling release contains pre-built binaries that are automatically kept up-to-date with the main branch and can be...
Security Bulletin: IBM Integration Bus is vulnerable to denial of service due to npm CLI module [IBM X-Force ID: 237508]
Summary: IBM Integration Bus is vulnerable to denial of service due to npm CLI module [IBM X-Force ID: 237508]. This affects the version of Node.js which is shipped with IBM Integration Bus for which a mitigation has been recommended. Vulnerability Details: IBM X-Force ID: 237508. DESCRIPTION: Node.js...
Directory Traversal
@easy-team/easywebpack-cli is vulnerable to directory traversal. The vulnerability exists in the downloadTemplate function in template.js due to a lack of hiding the file mode which allows an attacker to obtain sensitive information via malicious GET request...
GHSA-252H-2CMQ-PMR6 easywebpack-cli Path Traversal vulnerability
Directory Traversal vulnerability in easywebpack-cli before 4.5.2 allows attackers to obtain sensitive information via crafted GET request...
easywebpack-cli Path Traversal vulnerability
Directory Traversal vulnerability in easywebpack-cli before 4.5.2 allows attackers to obtain sensitive information via crafted GET request...
CVE-2020-24855
Directory Traversal vulnerability in easywebpack-cli before 4.5.2 allows attackers to obtain sensitive information via crafted GET request...
CVE-2020-24855
Directory Traversal vulnerability in easywebpack-cli before 4.5.2 allows attackers to obtain sensitive information via crafted GET request...
Directory traversal
Directory Traversal vulnerability in easywebpack-cli before 4.5.2 allows attackers to obtain sensitive information via crafted GET request...
PT-2022-8697 · Unknown · Easywebpack-Cli
Name of the Vulnerable Software and Affected Versions: easywebpack-cli versions prior to 4.5.2. Description: A Directory Traversal issue allows attackers to obtain sensitive information by sending a crafted GET request. Recommendations: For versions prior to 4.5.2, update to version 4.5.2 or later...
CVE-2020-24855
CVE-2020-24855 is a directory traversal vulnerability in the open source tool easywebpack-cli prior to version 4.5.2. The issue arises in the package’s template handling (notably the downloadTemplate function), where failure to sufficiently conceal file modes enables an attacker to craft a GET r...
easywebpack-cli Path Traversal Vulnerability
easywebpack-cli is a powerful cross-platform Webpack CLI tool open-sourced by easy-team. A security vulnerability exists in easywebpack-cli versions prior to 4.5.2. Attackers can use the vulnerability to obtain sensitive information through a specially crafted GET request...
CVE-2020-24855
Directory Traversal vulnerability in easywebpack-cli before 4.5.2 allows attackers to obtain sensitive information via crafted GET request...
CVE-2020-24855
Directory Traversal vulnerability in easywebpack-cli before 4.5.2 allows attackers to obtain sensitive information via crafted GET request...
CVE-2022-46144
A vulnerability has been identified in SCALANCE SC622-2C 6GK5622-2GS00-2AC2 All versions = V2.3 = V2.3 = V2.3 = V2.3 = V2.3 = V2.3 V3.0, SCALANCE WAM763-1 6GK5763-1AL00-7DA0 All versions V2.0.0, SCALANCE WAM766-1 6GK5766-1GE00-7DA0 All versions V2.0.0, SCALANCE WAM766-1 US 6GK5766-1GE00-7DB0 All...