11 matches found
EUVD-2022-6257
Malicious code in bioql PyPI...
Improper Access Control
ICG.AspNetCore.Utilities.CloudStorage is vulnerable to Improper Access Control. The vulnerability is due to incorrect handling of the SAS Uri duration, which may result in a URL with an incorrect expiration time. It can allow an attacker to gain unauthorized access if the duration is too long, or...
Access Control Bypass
Overview: Affected versions of this package are vulnerable to Access Control Bypass due to improper handling of SAS Uri durations in the CreateSASUrl function. Note: Users who didn't implement SAS Uri's are unaffected. Remediation: Upgrade ICG.AspNetCore.Utilities.CloudStorage to version 8.0.0 or...
GHSA-24MC-GC52-47JV ICG.AspNetCore.Utilities.CloudStorage's Secure Token Durations Different Than Expected
Impact: Users of this library who set a duration for a SAS Uri with a value other than 1 hour may have generated a URL with a duration that is longer or shorter than desired. Users who have not implemented SAS Uri's are unaffected. Patches: This issue was resolved in version 8.0.0 of the library, all user...
CVE-2024-50353
ICG.AspNetCore.Utilities.CloudStorage is a collection of cloud storage utilities to assist with the management of files for cloud upload. Users of this library that set a duration for a SAS Uri with a value other than 1 hour may have generated a URL with a duration that is longer, or shorter than...
PT-2024-34162 · Unknown · Icg.Aspnetcore.Utilities.Cloudstorage
Name of the Vulnerable Software and Affected Versions: ICG.AspNetCore.Utilities.CloudStorage versions prior to 8.0.0. Description: The issue affects users of the ICG.AspNetCore.Utilities.CloudStorage library who set a duration for a SAS Uri with a value other than 1 hour, potentially resulting in ...
google-cloudstorage-commands Command Injection vulnerability
A command injection vulnerability affects all versions of the deprecated package google-cloudstorage-commands...
chewb-server (>=0.0.1 <=0.0.20), video-dash-uploader (>=0.0.1 <=0.0.4) +1 more potentially affected by CVE-2020-28436 via google-cloudstorage-commands (=0.0.1)
google-cloudstorage-commands NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on google-cloudstorage-commands and may be impacted: - chewb-server =0.0.1, =0.0.1, =0.0.1, =0.0.2 Source cves: CVE-2020-28436 Source advisory:...
CVE-2020-28436
This affects all versions of package google-cloudstorage-commands...
CVE-2020-28436
The CVE-2020-28436 entry concerns a Command Injection vulnerability in the npm package google-cloudstorage-commands. Affected software: all versions of google-cloudstorage-commands. Reported impact from connected sources indicates that attacker-controlled input can influence shell execution via t...
Command Injection
Overview: Affected versions of this package are vulnerable to Command Injection. PoC: var root = require("google-cloudstorage-commands"); root.upload("./", "& touch JHU", true); Remediation: There is no fixed version for google-cloudstorage-commands. References: Vulnerable Code. Credit: JHU System Securi...