Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/14 11:9 a.m.15 views

CVE-2025-47271

The OZI action is a GitHub Action that publishes releases to PyPI and mirror releases, signature bundles, and provenance in a tagged release. In versions 1.13.2 through 1.13.5, potentially untrusted data flows into PR creation logic. A malicious actor could construct a branch name that injects...

8.7CVSS6.9AI score0.00352EPSS
Exploits0References1
Circl
Circl
added 2025/05/12 2:26 p.m.15 views

CVE-2025-47271

creationtimestamp| type| source ---|---|--- 2025-05-12 14:26:22+00:00| seen| https://t.me/cvedetector/25074 2025-05-12 14:42:35+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3loy7dtwqat2e...

8.7CVSS4.8AI score0.00352EPSS
Exploits0References2
NVD
NVD
added 2025/05/12 11:15 a.m.22 views

CVE-2025-47271

The OZI action is a GitHub Action that publishes releases to PyPI and mirror releases, signature bundles, and provenance in a tagged release. In versions 1.13.2 through 1.13.5, potentially untrusted data flows into PR creation logic. A malicious actor could construct a branch name that injects...

8.7CVSS0.00352EPSS
Exploits0References2
OSV
OSV
added 2025/05/12 10:52 a.m.8 views

CVE-2025-47271 OZI-Project/ozi-publish Code Injection vulnerability

The OZI action is a GitHub Action that publishes releases to PyPI and mirror releases, signature bundles, and provenance in a tagged release. In versions 1.13.2 through 1.13.5, potentially untrusted data flows into PR creation logic. A malicious actor could construct a branch name that injects...

8.7CVSS6.6AI score0.00352EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/05/12 10:52 a.m.13 views

CVE-2025-47271 OZI-Project/ozi-publish Code Injection vulnerability

The OZI action is a GitHub Action that publishes releases to PyPI and mirror releases, signature bundles, and provenance in a tagged release. In versions 1.13.2 through 1.13.5, potentially untrusted data flows into PR creation logic. A malicious actor could construct a branch name that injects...

8.7CVSS6.6AI score0.00352EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/05/12 10:52 a.m.26 views

CVE-2025-47271 OZI-Project/ozi-publish Code Injection vulnerability

The OZI action is a GitHub Action that publishes releases to PyPI and mirror releases, signature bundles, and provenance in a tagged release. In versions 1.13.2 through 1.13.5, potentially untrusted data flows into PR creation logic. A malicious actor could construct a branch name that injects...

8.7CVSS0.00352EPSS
Exploits0References2
Rows per page
Query Builder