6 matches found
EUVD-2022-3782
Malicious code in bioql PyPI...
GHSA-FH55-VWJC-69C7 Unescaped control characters in Gitblit
Gitblit 1.9.2 allows privilege escalation via the Config User Service: a control character can be placed in a profile data field, such as an emailAddress%3Atext '[email protected]\n\trole = "admin"' value...
Unescaped control characters in Gitblit
Gitblit 1.9.2 allows privilege escalation via the Config User Service: a control character can be placed in a profile data field, such as an emailAddress%3Atext '[email protected]\n\trole = "admin"' value...
CVE-2022-31267
Gitblit 1.9.2 allows privilege escalation via the Config User Service: a control character can be placed in a profile data field, such as an emailAddress%3Atext '[email protected]\n\trole = "admin"' value...
CVE-2022-31267
Gitblit 1.9.2 allows privilege escalation via the Config User Service: a control character can be placed in a profile data field, such as an emailAddress%3Atext '[email protected]\n\trole = "admin"' value...
CVE-2022-31267
CVE-2022-31267 affects Gitblit 1.9.2. The issue is privilege escalation via the Config User Service: a control character (for example, in an emailAddress field with a newline/tab) can be interpreted to set role = "#admin". NVD cites CVSSv2/3.1 base scores of 7.5 (HIGH) and 9.8 (CRITICAL). Rationa...