112 matches found
CVE-2023-31128
NextCloud Cookbook is a recipe library app. Prior to commit a46d9855 on the master branch and commit 489bb744 on the main-0.9.x branch, the pull-checks.yml workflow is vulnerable to command injection attacks because of using an untrusted github.head_ref field. The github.head_ref value is an...
EUVD-2011-4997
Malware in sbrugna...
EUVD-2021-14363
Malware in sbrugna...
EUVD-2008-1146
Malware in sbrugna...
EUVD-2023-35452
Malicious code in bioql PyPI...
EUVD-2022-52094
Malicious code in bioql PyPI...
Malicious code in pandas-cookbook-code-notes (npm)
The package pandas-cookbook-code-notes was found to contain malicious code...
MAL-2025-45503 Malicious code in pandas-cookbook-code-notes (npm)
The package pandas-cookbook-code-notes was found to contain malicious code...
CVE-2022-4817
A vulnerability was found in centic9 jgit-cookbook. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to insecure temporary file. The attack can be initiated remotely. The name of the patch is b8cb29b43dc704708d598c60ac1881db7cf8e9c3. It is...
CVE-2011-5097
chef-server-api/app/controllers/cookbooks.rb in Chef Server in Chef before 0.9.18, and 0.10.x before 0.10.2, does not require administrative privileges for the update and destroy methods, which allows remote authenticated users to (1) upload cookbooks via a knife cookbook upload command or (2) delete...
eu.europa.ec.joinup.sd-dss:dss-cookbook (=6.0), eu.europa.ec.joinup.sd-dss:dss-jacoco-coverage (=6.0) +7 more potentially affected by CVE-2024-28109 via org.verapdf:core-jakarta (=1.24.1)
org.verapdf:core-jakarta MAVEN version =1.24.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.verapdf:core-jakarta and may be impacted: - eu.europa.ec.joinup.sd-dss:dss-cookbook =6.0 - eu.europa.ec.joinup.sd-dss:dss-jacoco-coverage =6.0 -...
old.cookbookfair.com Cross Site Scripting vulnerability OBB-3498530
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Command injection
NextCloud Cookbook is a recipe library app. Prior to commit a46d9855 on the master branch and commit 489bb744 on the main-0.9.x branch, the pull-checks.yml workflow is vulnerable to command injection attacks because of using an untrusted github.head_ref field. The github.head_ref value is an...
CVE-2023-31128 NextCloud Cookbook's pull-checks.yml workflow is vulnerable to OS Command Injection
NextCloud Cookbook is a recipe library app. Prior to commit a46d9855 on the master branch and commit 489bb744 on the main-0.9.x branch, the pull-checks.yml workflow is vulnerable to command injection attacks because of using an untrusted github.head_ref field. The github.head_ref value is an...
CVE-2023-31128
Summary: CVE-2023-31128 concerns NextCloud Cookbook’s pull-checks.yml workflow, where an untrusted github.head_ref value can be attacker-controlled, enabling command injection via a crafted value (e.g., zzz";echo${IFS}"hello";#). The issue, stemming from a lack of input validation in the workflow...
NextCloud Cookbook operating system command injection vulnerability
NextCloud Cookbook is a recipe from NextCloud, Inc. NextCloud Cookbook has a security vulnerability that stems from the use of an untrusted github.head_ref field...