2444 matches found
DEBIAN-CVE-2022-45907
In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely...
Code injection
In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely...
UBUNTU-CVE-2022-45907
In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely...
CVE-2022-45907
In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely...
PyTorch Code Injection Vulnerability
PyTorch is an open-source Python package. A code injection vulnerability exists in versions prior to PyTorch trunk/89695; it stems from an unsafe use of eval in the torch.jit.annotations.parse_type_line component, leading to arbitrary code execution...
CVE-2022-45907
In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely...
XWiki 6.4-milestone-2 < 13.10.7, 14.x < 14.4.2 Eval Injection Vulnerability (GHSA-5j7g-cf6r-g2h7)
XWiki is prone to an improper neutralization of directives in dynamically evaluated code ('eval injection') vulnerability.
XWiki < 13.10.8, 14.x < 14.4.3, 14.5.x < 14.6 Eval Injection Vulnerability (GHSA-6w8h-26xx-cf8q)
XWiki is prone to an improper neutralization of directives in dynamically evaluated code ('eval injection') vulnerability.
XWiki 5.0-milestone-1 < 13.10.7, 14.x < 14.4.2 Eval Injection Vulnerability (GHSA-9hqh-fmhg-vq2j)
XWiki is prone to an improper neutralization of directives in dynamically evaluated code ('eval injection') vulnerability.
CVE-2022-41931
xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code 'Eval Injection'. Any user with view rights on commonly accessible documents including the icon picker macro can execute arbitrary Groovy, Python or Velocity code in XWiki due to improper...
Design/Logic Flaw
xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code 'Eval Injection'. Any user with view rights on commonly accessible documents including the icon picker macro can execute arbitrary Groovy, Python or Velocity code in XWiki due to improper...
CVE-2022-41928
XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code 'Eval Injection' in AttachmentSelector.xml. The issue can also be reproduced by inserting the dangerous payload in the height or alt macro properties. This has been patched in versions 13.10.7, 14.4.2...
Design/Logic Flaw
XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code 'Eval Injection' in AttachmentSelector.xml. The issue can also be reproduced by inserting the dangerous payload in the height or alt macro properties. This has been patched in versions 13.10.7, 14.4.2...
CVE-2022-41931 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in xwiki-platform-icon-ui
xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code 'Eval Injection'. Any user with view rights on commonly accessible documents including the icon picker macro can execute arbitrary Groovy, Python or Velocity code in XWiki due to improper...
CVE-2022-41928 XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml
XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code 'Eval Injection' in AttachmentSelector.xml. The issue can also be reproduced by inserting the dangerous payload in the height or alt macro properties. This has been patched in versions 13.10.7, 14.4.2...
CVE-2022-41928
XWiki Platform is affected by an Eval Injection in the AttachmentSelector.xml (directives in dynamically evaluated code). The vulnerability can also be triggered by payloads in height or alt macro properties. Patched in XWiki Platform releases: 13.10.7+, 14.4.2+, and 14.5. The recommended fix is ...
CVE-2022-41928 XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml
XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code 'Eval Injection' in AttachmentSelector.xml. The issue can also be reproduced by inserting the dangerous payload in the height or alt macro properties. This has been patched in versions 13.10.7, 14.4.2...
CVE-2022-41928 XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml
XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code 'Eval Injection' in AttachmentSelector.xml. The issue can also be reproduced by inserting the dangerous payload in the height or alt macro properties. This has been patched in versions 13.10.7, 14.4.2...
CVE-2022-41931
CVE-2022-41931 affects xwiki-platform-icon-ui. It enables Eval Injection through the iconPicker macro, allowing an authenticated user with view rights on common documents to run arbitrary Groovy/Python/Velocity code due to improper neutralization of macro parameters. The vulnerability is fixed in...
GHSA-6W8H-26XX-CF8Q Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-menu-ui
Impact: Any user with view rights on commonly accessible documents including the menu macro can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation due to improper escaping of the macro content and parameters of the menu macro. The issue can ...