26 matches found
EUVD-2018-0359
Malware in sbrugna...
CVE-2023-44392
Garden provides automation for Kubernetes development and testing. Prior to versions 0.13.17 and 0.12.65, Garden has a dependency on the cryo library, which is vulnerable to code injection due to an insecure implementation of deserialization. Garden stores serialized objects using cryo in the...
cri-o: CRI-O Path Traversal in Log Handling Functions Allows Arbitrary Unmounting
A vulnerability was found in CRI-O. A path traversal issue in the log management functions UnMountPodLogs and LinkContainerLogs may allow an attacker with permissions to create and delete Pods to unmount arbitrary host paths, leading to node-level denial of service by unmounting critical system...
CVE-2023-44392
Garden provides automation for Kubernetes development and testing. Prior to versions 0.13.17 and 0.12.65, Garden has a dependency on the cryo library, which is vulnerable to code injection due to an insecure implementation of deserialization. Garden stores serialized objects using cryo in the...
Deserialization of untrusted data
Garden provides automation for Kubernetes development and testing. Prior to versions 0.13.17 and 0.12.65, Garden has a dependency on the cryo library, which is vulnerable to code injection due to an insecure implementation of deserialization. Garden stores serialized objects using cryo in the...
CVE-2023-44392 Arbitrary code execution vulnerability when using shared Kubernetes cluster
Garden provides automation for Kubernetes development and testing. Prior to versions 0.13.17 and 0.12.65, Garden has a dependency on the cryo library, which is vulnerable to code injection due to an insecure implementation of deserialization. Garden stores serialized objects using cryo in the...
CVE-2023-44392
CVE-2023-44392 affects Garden prior to versions 0.13.17 (Bonsai) and 0.12.65 (Acorn). The vulnerability arises from the cryo library’s insecure deserialization, used by Garden to cache test/run results in Kubernetes ConfigMaps named with prefixes like test-result and run-result stored in either t...
CVE-2023-44392 Arbitrary code execution vulnerability when using shared Kubernetes cluster
Garden provides automation for Kubernetes development and testing. Prior to versions 0.13.17 and 0.12.65, Garden has a dependency on the cryo library, which is vulnerable to code injection due to an insecure implementation of deserialization. Garden stores serialized objects using cryo in the...
CVE-2023-44392 Arbitrary code execution vulnerability when using shared Kubernetes cluster
Garden provides automation for Kubernetes development and testing. Prior to versions 0.13.17 and 0.12.65, Garden has a dependency on the cryo library, which is vulnerable to code injection due to an insecure implementation of deserialization. Garden stores serialized objects using cryo in the...
PT-2023-29227 · Cryo +2
Name of the Vulnerable Software and Affected Versions: Garden versions prior to 0.13.17 Garden versions prior to 0.12.65 Description: Garden has a dependency on the cryo library, which is vulnerable to code injection due to an insecure implementation of deserialization. Garden stores serialized...
cryo-science.com.au Cross Site Scripting vulnerability OBB-2830375
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
@drubin/garden-cli (>=0.8.0-rc2 <=0.8.0-rc11), eysi-garden-test (>=0.8.1-ci-test <=0.8.1-ci-test-3) +5 more potentially affected by CVE-2018-3784 via cryo (>=0.0.5 <=0.0.6)
cryo NPM version =0.0.5, =0.8.0-rc2, =0.8.1-ci-test, =0.0.1, =0.1.0, =0.1.1, =0.1.2 Source cves: CVE-2018-3784 Source advisory: OSV:GHSA-38F5-GHC2-FCMV...
GHSA-38F5-GHC2-FCMV Code Injection in cryo
All versions of cryo are vulnerable to code injection due to an Insecure implementation of deserialization. Proof of concept js var Cryo = require'cryo'; var frozen = '"root":"CRYOREF3","references":"contents":,"value":"CRYOFUNCTIONfunction console.log\"defconrussia\"; return...
Code Injection in cryo
All versions of cryo are vulnerable to code injection due to an Insecure implementation of deserialization. Proof of concept js var Cryo = require'cryo'; var frozen = '"root":"CRYOREF3","references":"contents":,"value":"CRYOFUNCTIONfunction console.log\"defconrussia\"; return...
cryo code injection vulnerability
cryo is a software package that supports the structuring of data. A code injection vulnerability exists in cryo version 0.0.6, which stems from a failure to securely implement deserialization in the program. An attacker can exploit this vulnerability to arbitrarily execute code...
CVE-2018-3784
A code injection in cryo 0.0.6 allows an attacker to arbitrarily execute code due to insecure implementation of deserialization...
CVE-2018-3784
A code injection in cryo 0.0.6 allows an attacker to arbitrarily execute code due to insecure implementation of deserialization...
Deserialization of untrusted data
A code injection in cryo 0.0.6 allows an attacker to arbitrarily execute code due to insecure implementation of deserialization...
CVE-2018-3784
A code injection in cryo 0.0.6 allows an attacker to arbitrarily execute code due to insecure implementation of deserialization...
CVE-2018-3784
CVE-2018-3784 affects cryo, a Node.js module for JSON-like serialization. The root cause is insecure deserialization, allowing an attacker to craft payloads (e.g., via proto manipulation or serialized functions) that can lead to arbitrary code execution. Several sources (NVD, CNVD, PRION, OSV) de...