11 matches found
CVE-2022-31051
A vulnerability was found in semantic-release. Secrets that are normally masked are accidentally disclosed if they contain characters excluded from uri encoding by encodeURI. The vulnerability is further limited to execution contexts where push access to the related repository is unavailable...
GHSA-X2PG-MJHR-2M5X Exposure of Sensitive Information to an Unauthorized Actor in semantic-release
Impact What kind of vulnerability is it? Who is impacted? Secrets that would normally be masked by semantic-release can be accidentally disclosed if they contain characters that are excluded from uri encoding by encodeURI. Occurrence is further limited to execution contexts where push access to t...
Exposure of Sensitive Information to an Unauthorized Actor in semantic-release
Impact What kind of vulnerability is it? Who is impacted? Secrets that would normally be masked by semantic-release can be accidentally disclosed if they contain characters that are excluded from uri encoding by encodeURI. Occurrence is further limited to execution contexts where push access to t...
CVE-2022-31051
semantic-release is an open source npm package for automated version management and package publishing. In affected versions secrets that would normally be masked by semantic-release can be accidentally disclosed if they contain characters that are excluded from uri encoding by encodeURI...
Design/Logic Flaw
semantic-release is an open source npm package for automated version management and package publishing. In affected versions secrets that would normally be masked by semantic-release can be accidentally disclosed if they contain characters that are excluded from uri encoding by encodeURI...
CVE-2022-31051 Exposure of Sensitive Information to an Unauthorized Actor in semantic-release
semantic-release is an open source npm package for automated version management and package publishing. In affected versions secrets that would normally be masked by semantic-release can be accidentally disclosed if they contain characters that are excluded from uri encoding by encodeURI...
CVE-2022-31051
CVE-2022-31051 affects the open‑source npm package semantic-release. The vulnerability causes concealed secrets to be disclosed when they contain characters that are not encoded by encodeURI, in contexts where pushing to the repository requires modifying the URL to inject credentials. Public re...
stored xss due to unsanitized anchor url
BUG ====== stored xss due to unsanitized anchor url SUMMARY ========= using fullpage.js you can create an anchor tag. But when you put an href in the anchor, it does not sanitize the url, which allows breaking the context of the anchor element and adding our new element. I see main javascript or other javascript...
IBM Notes Remote Denial of Service Vulnerability (CVE-2017-1130)
No description provided by source. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "IBM Notes encodeURI DOS", 'Description' = %q This module exploits a vulnerability in the native browser that...
IBM Notes encodeURI DOS
This module exploits a vulnerability in the native browser that comes with IBM Lotus Notes. If successful, it could cause the Notes client to hang and have to be restarted. This module requires Metasploit: https://metasploit.com/download Current source:...
security flaw
Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine in KDE 3.2.0 through 3.5.0 allows remote attackers to execute arbitrary code via a crafted, UTF-8 encoded URI...