Lucene search
K

6 matches found

EUVD
EUVD
added 2026/06/20 4:43 p.m.12 views

EUVD-2026-38128

Prefect version 3.6.23 is vulnerable to remote code execution due to improper handling of user-controlled input in the GitRepository storage class. The commitsha parameter, which is passed to git commands, lacks validation and does not include a -- separator to distinguish user input from git...

9.9CVSS8.2AI score0.00874EPSS
Exploits3References1
Cvelist
Cvelist
added 2026/06/20 4:43 p.m.34 views

CVE-2026-5366 Git Argument Injection in prefecthq/prefect

Prefect version 3.6.23 is vulnerable to remote code execution due to improper handling of user-controlled input in the GitRepository storage class. The commitsha parameter, which is passed to git commands, lacks validation and does not include a -- separator to distinguish user input from git...

9.9CVSS0.00874EPSS
Exploits3References1
CVE
CVE
added 2026/06/20 4:43 p.m.62 views

CVE-2026-5366

CVE-2026-5366 affects Prefect v3.6.23, where the vulnerability resides in the GitRepository storage class. The commit_sha parameter passed to git commands lacks validation and does not use a -- separator, enabling an attacker to inject git flags (e.g., --upload-pack) and potentially execute arbit...

9.9CVSS8.1AI score0.00874EPSS
Exploits3References1Affected Software1
OSV
OSV
added 2026/05/04 6:32 a.m.21 views

GHSA-6RCX-55R6-JX65 Prefect Git Argument Injection in GitRepository Pull Steps

A vulnerability was found in PrefectHQ prefect up to 3.6.25.dev6. Affected by this issue is some unknown functionality of the file src/prefect/runner/storage.py of the component GitRepository Pull Handler. The manipulation of the argument commitsha/directories results in argument injection. It is...

6.3CVSS5.5AI score0.00247EPSS
Exploits0References9
Snyk
Snyk
added 2026/05/04 5:18 a.m.9 views

Arbitrary Argument Injection

Overview prefect is a Prefect is a new workflow management system, designed for modern infrastructure and powered by the open-source Prefect Core workflow engine. Users organize Tasks into Flows, and Prefect takes care of the rest. Affected versions of this package are vulnerable to Arbitrary...

6.5CVSS6.6AI score0.00247EPSS
Exploits0References2
NVD
NVD
added 2025/04/02 10:15 p.m.41 views

CVE-2025-31479

canonical/get-workflow-version-action is a GitHub composite action to get commit SHA that GitHub Actions reusable workflow was called with. Prior to 1.0.1, if the get-workflow-version-action step fails, the exception output may include the GITHUBTOKEN. If the full token is included in the excepti...

8.2CVSS0.00589EPSS
Exploits0References3
Rows per page
Query Builder