3 matches found
CVE-2023-34112
JavaCPP Presets is a project providing Java distributions of native C++ libraries. All the actions in the bytedeco/javacpp-presets use the github.event.headcommit.message parameter in an insecure way. For example, the commit message is used in a run statement - resulting in a command injection...
CVE-2023-34112 JavaCPP project actions vulnerable to code injection
JavaCPP Presets is a project providing Java distributions of native C++ libraries. All the actions in the bytedeco/javacpp-presets use the github.event.headcommit.message parameter in an insecure way. For example, the commit message is used in a run statement - resulting in a command injection...
CVE-2023-34112
CVE-2023-34112 affects JavaCPP Presets (bytedeco/javacpp-presets) where actions use the github.event.head_commit.message in an insecure way, enabling command injection via string interpolation. The issue has no publicly reported exploits and is addressed in version 1.5.9; users are advised to upg...