uutils coreutils 输入验证错误漏洞

uutils coreutils is a cross-platform core command-line tool set developed by Uutils Open Source. uutils coreutils has a vulnerability related to input validation. This vulnerability stems from an error in the env function; when the -S option is used, the command-line parameters are not properly...

Information Disclosure

github.com/go-vela/compiler is vulnerable to information disclosure. An attacker is able to obtain server configuration information using the Sprig's env function...

Code injection

Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. In Vela compiler before version 0.6.1 there is a vulnerability which allows exposure of server configuration. It impacts all users of Vela. An attacker can use Sprig's env function to retrieve...

CVE-2020-26294 Exposure of server configuration

Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. In Vela compiler before version 0.6.1 there is a vulnerability which allows exposure of server configuration. It impacts all users of Vela. An attacker can use Sprig's env function to retrieve...

CVE-2020-26294

Vela compiler before version 0.6.1 allows exposure of server configuration via Sprig's env function in templates. The vulnerability affects the Vela server/component and enables an attacker to retrieve configuration information, exposing sensitive data. The issue has been fixed in version 0.6.1; ...

Target Vela Operating System Command Injection Vulnerability

Target Vela is a pipeline automation CI/CD framework based on Go language, Linux container technology from Target Canada. Vela suffers from a security vulnerability that allows the disclosure of server configuration. An attacker could exploit the vulnerability to retrieve configuration informatio...

PT-2021-11235 · Unknown +2 · Vela Compiler +2

Name of the Vulnerable Software and Affected Versions: Vela versions prior to 0.6.1 Vela compiler versions prior to 0.6.1 Description: The issue allows exposure of server configuration, impacting all users of Vela. An attacker can use Sprig's env function to retrieve configuration information. Th...