7 matches found
EUVD-2024-1551
Malicious code in bioql PyPI...
CVE-2024-34084
Minder's HandleGithubWebhook is susceptible to a denial of service attack from an untrusted HTTP request. The vulnerability exists before the request has been validated, and as such the request is still untrusted at the point of failure. This allows an attacker with the ability to send requests t...
Malicious code in controlplane (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...
MAL-2025-648 Malicious code in controlplane (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...
CVE-2024-34084
CVE-2024-34084 concerns Minder’s HandleGithubWebhook. Multiple connected records confirm a DoS condition caused by untrusted HTTP requests, where the code path reads the entire request body into memory before validation (notably in readerFromRequest/handle_githubwebhooks.go), enabling memory exha...
CVE-2024-34084 Minder's Github Webhook Handler vulnerable to denial of service from un-validated requests
Minder's HandleGithubWebhook is susceptible to a denial of service attack from an untrusted HTTP request. The vulnerability exists before the request has been validated, and as such the request is still untrusted at the point of failure. This allows an attacker with the ability to send requests t...
CVE-2024-34084 Minder's Github Webhook Handler vulnerable to denial of service from un-validated requests
Minder's HandleGithubWebhook is susceptible to a denial of service attack from an untrusted HTTP request. The vulnerability exists before the request has been validated, and as such the request is still untrusted at the point of failure. This allows an attacker with the ability to send requests t...