159 matches found
abstraps (=0.1.8), aivm (>=0.2.0 <=0.3.0) +287 more potentially affected by CVE-2022-31104 via cranelift-codegen (>=0.14.0 <=0.84.0)
cranelift-codegen CARGO version =0.14.0, =0.2.0, =0.1.0, =0.1.0, =0.5.0, =0.1.0, =0.1.0, =0.2.9, =0.1.0, =0.2.0, =0.1.0, =0.1.0, =0.26.1, =0.30.1 and more Source cves: CVE-2022-31104 Source advisory: OSV:GHSA-JQWC-C49R-4W2X...
Input validation
Wasmtime is a standalone runtime for WebAssembly. In affected versions wasmtime's implementation of the SIMD proposal for WebAssembly on x86_64 contained two distinct bugs in the instruction lowerings implemented in Cranelift. The aarch64 implementation of the simd proposal is not affected. The bu...
CVE-2022-31104
CVE-2022-31104 concerns Wasmtime’s x86_64 SIMD implementation. Two Cranelift lowering bugs affected i8x16.swizzle and select for v128 inputs: swizzle overwrote the mask input register, potentially corrupting a constant; and select incorrectly handled 128‑bit vectors when the condition was 0, movi...
Malicious code in amplify-codegen-e2e-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 78ef98fa45356b629d8b18e241e11d0b1aaa3f8b0bd38d3a357fc6707c297ea7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-978 Malicious code in amplify-codegen-e2e-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 78ef98fa45356b629d8b18e241e11d0b1aaa3f8b0bd38d3a357fc6707c297ea7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5644 Malicious code in react-dts-codegen (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 53dbff286a2669baf7872c7b3c62ef478e1e1d1a7f1f332b67a6227ec0220bb3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in geoadv-ts-codegen (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 01c47caa11253203c249aa0ca38da1140e5ef612bc4d17f527da8642a3244108 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-3343 Malicious code in geoadv-proptypes-codegen (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 86aa62f8baa2d8ed0fda95fc5065b753603886dd1331dfa3532b70d30be8ee11 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in react-dts-codegen (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 53dbff286a2669baf7872c7b3c62ef478e1e1d1a7f1f332b67a6227ec0220bb3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in geoadv-proptypes-codegen (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 86aa62f8baa2d8ed0fda95fc5065b753603886dd1331dfa3532b70d30be8ee11 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-3344 Malicious code in geoadv-ts-codegen (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 01c47caa11253203c249aa0ca38da1140e5ef612bc4d17f527da8642a3244108 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
at.newmedialab.ldpath:ldpath-api (>=0.9.12 <=0.9.13), at.newmedialab.ldpath:ldpath-backend-jena (>=0.9.12 <=0.9.13) +1790 more potentially affected by CVE-2018-8088 via org.slf4j:slf4j-ext (>=1.0-alpha0 <=1.7.25)
org.slf4j:slf4j-ext MAVEN version =1.0-alpha0, =0.9.12, =0.9.12, =0.9.12, =0.9.12, =0.9.11, =0.9.12, =0.1-1, =2.3.0, =2.3.1 and more Source cves: CVE-2018-8088 Source advisory: OSV:GHSA-W77P-8CFG-2X43...
GHSA-FV3M-XHQW-9M79 ballcat-codegen template engine remote code execution injection
Impact Ballcat Codegen provides the function of online editing code to generate templates. In version 1.0.0.beta.2, since Velocity and freemarker templates are introduced but input verification is not done, attackers can implement remote code execution through malicious code injection of the...
ballcat-codegen template engine remote code execution injection
Impact Ballcat Codegen provides the function of online editing code to generate templates. In version 1.0.0.beta.2, since Velocity and freemarker templates are introduced but input verification is not done, attackers can implement remote code execution through malicious code injection of the...
CVE-2022-24881
Ballcat Codegen provides the function of online editing code to generate templates. In versions prior to 1.0.0.beta.2, attackers can implement remote code execution through malicious code injection of the template engine. This happens because Velocity and freemarker templates are introduced but...
Code injection
Ballcat Codegen provides the function of online editing code to generate templates. In versions prior to 1.0.0.beta.2, attackers can implement remote code execution through malicious code injection of the template engine. This happens because Velocity and freemarker templates are introduced but...
CVE-2022-24881 Command Injection in Ballcat Codegen
Ballcat Codegen provides the function of online editing code to generate templates. In versions prior to 1.0.0.beta.2, attackers can implement remote code execution through malicious code injection of the template engine. This happens because Velocity and freemarker templates are introduced but...
CVE-2022-24881
CVE-2022-24881 concerns Ballcat Codegen. Affected versions prior to 1.0.0.beta.2 allow remote code execution via malicious code injection in the template engine, caused by using Velocity and Freemarker templates without proper input verification. The issue is fixed in 1.0.0.beta.2. Public sources...