2444 matches found
PYSEC-2022-288
The package joblib from 0 and before 1.2.0 is vulnerable to Arbitrary Code Execution via the pre_dispatch flag in the Parallel class due to the eval statement...
UBUNTU-CVE-2022-21797
The package joblib from 0 and before 1.2.0 is vulnerable to Arbitrary Code Execution via the pre_dispatch flag in the Parallel class due to the eval statement...
CVE-2022-21797 Arbitrary Code Execution
The package joblib from 0 and before 1.2.0 is vulnerable to Arbitrary Code Execution via the pre_dispatch flag in the Parallel class due to the eval statement...
CVE-2022-21797
CVE-2022-21797 affects joblib: versions 0 up to 1.1.x are vulnerable to arbitrary code execution via the pre_dispatch flag in Parallel(), caused by an eval() statement. Severity is high/critical per sources; impact is arbitrary code execution. Remediation: upgrade to joblib 1.2.0 or later (e.g., ...
CVE-2022-21797
The package joblib from 0 and before 1.2.0 is vulnerable to Arbitrary Code Execution via the pre_dispatch flag in the Parallel class due to the eval statement...
OESA-2022-1958 redis5 security update
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...
GHSA-XR6M-2P4M-JVQF XWiki Platform Wiki UI Main Wiki Eval Injection vulnerability
Impact: It's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the request URL parameter using the XWikiServerClassSheet if the user has view access to this sheet and another page that has been saved with programming rights, a standard condition on a...
GHSA-2G5C-228J-P52X XWiki Platform Applications Tag and XWiki Platform Tag UI vulnerable to Eval Injection
Impact: The tags document Main.Tags in XWiki didn't sanitize user inputs properly, allowing users with view rights on the document (default in a public wiki or for authenticated users on private wikis) to execute arbitrary Groovy, Python and Velocity code with programming rights. This allows bypassi...
CVE-2022-36100 XWiki Platform Applications Tag and XWiki Platform Tag UI vulnerable to Eval Injection
XWiki Platform Applications Tag and XWiki Platform Tag UI are tag applications for XWiki, a generic wiki platform. Starting with version 1.7 in XWiki Platform Applications Tag and prior to 13.10.6 and 14.4 in XWiki Platform Tag UI, the tags document Main.Tags in XWiki didn't sanitize user inputs...
CVE-2022-36099 XWiki Platform Wiki UI Main Wiki Eval Injection vulnerability
XWiki Platform Wiki UI Main Wiki is software for managing subwikis on XWiki Platform, a generic wiki platform. Starting with version 5.3-milestone-2 and prior to versions 13.10.6 and 14.4, it's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the...
PT-2022-6254 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux Kernel version 6.0-rc2 Description: The issue is related to the use of memory after it has been freed, specifically within the nft osf eval function. This can allow an attacker to disclose sensitive information on affected installations...
GHSA-J3RV-W43Q-F9X2 React Editable Json Tree vulnerable to arbitrary code execution via function parsing
Impact: Our library allows strings to be parsed as functions and stored as a specialized component, JsonFunctionValue. To do this, JavaScript's eval function was used to execute strings that begin with "function" as JavaScript. This was an oversight that unfortunately allows arbitrary code to be...
React Editable Json Tree vulnerable to arbitrary code execution via function parsing
Impact: Our library allows strings to be parsed as functions and stored as a specialized component, JsonFunctionValue. To do this, JavaScript's eval function was used to execute strings that begin with "function" as JavaScript. This was an oversight that unfortunately allows arbitrary code to be...
CVE-2022-36010 Arbitrary code execution via function parsing in react-editable-json-tree
This library allows strings to be parsed as functions and stored as a specialized component, JsonFunctionValue. To do this, JavaScript's eval function is used to execute strings that begin with "function" as JavaScript. This unfortunately could allow arbitrary code to be executed if it exists as ...
CVE-2022-36010
CVE-2022-36010 affects react-editable-json-tree. The vulnerability arises from parsing strings as functions using eval (and later Function) via the JsonFunctionValue path, which can execute arbitrary code if data contains function-like strings. Affects default onSubmitValueParser behavior and, if...