uutils coreutils 输入验证错误漏洞

uutils coreutils is a cross-platform core command-line tool set developed by Uutils Open Source. uutils coreutils has a vulnerability related to input validation. This vulnerability stems from an error in the env function; when the -S option is used, the command-line parameters are not properly...

Information Disclosure

github.com/go-vela/compiler is vulnerable to information disclosure. An attacker is able to obtain server configuration information using the Sprig's env function...

Code injection

Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. In Vela compiler before version 0.6.1 there is a vulnerability which allows exposure of server configuration. It impacts all users of Vela. An attacker can use Sprig's env function to retrieve...

CVE-2020-26294

Vela compiler before version 0.6.1 allows exposure of server configuration via Sprig's env function in templates. The vulnerability affects the Vela server/component and enables an attacker to retrieve configuration information, exposing sensitive data. The issue has been fixed in version 0.6.1; ...

CVE-2020-26294 Exposure of server configuration

Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. In Vela compiler before version 0.6.1 there is a vulnerability which allows exposure of server configuration. It impacts all users of Vela. An attacker can use Sprig's env function to retrieve...

Target Vela Operating System Command Injection Vulnerability

Target Vela is a pipeline automation CI/CD framework based on Go language, Linux container technology from Target Canada. Vela suffers from a security vulnerability that allows the disclosure of server configuration. An attacker could exploit the vulnerability to retrieve configuration informatio...

PT-2021-11235 · Unknown +2 · Vela Compiler +2

Name of the Vulnerable Software and Affected Versions: Vela versions prior to 0.6.1 Vela compiler versions prior to 0.6.1 Description: The issue allows exposure of server configuration, impacting all users of Vela. An attacker can use Sprig's env function to retrieve configuration information. Th...