1622 matches found
CVE-2022-40127
A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided runid parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0...
CVE-2022-40127
A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided runid parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0...
Design/Logic Flaw
A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided runid parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0...
PYSEC-2022-42982
A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided runid parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0...
Malicious code in react-nesting-example-legacy (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a0a6877c514ae49fccfe170b75f8405a65c085e2bb1d3d78b1ce4d44bff375d8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-40127
Apache Airflow before 2.4.0 is vulnerable to remote code execution via the run_id parameter on UI-triggered DAGs. The issue affects the Example Dags component and is triggered by manipulating run_id to execute arbitrary commands. Public references describe RCE on Airflow
PT-2022-5600 · Apache · Apache Airflow
Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.4.0 Description: A vulnerability in Example Dags of Apache Airflow is related to incorrect management of code generation. This issue allows an attacker with UI access who can trigger DAGs to execute arbitrar...
CVE-2022-40127 Apache Airflow <2.4.0 has an RCE in a bash example
A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided runid parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0...
Link Preload XSS
Description Link preloads do not effectively confirm if the requested link is external. Parser differentials can be used to bypass existing external URL check. Root Cause payload.client.ts contains the following code on link prefetch: ts nuxtApp.hooks.hook'link:prefetch', url = if...
org.apache.iotdb:flink-example (>=0.12.2 <=0.13.2) potentially affected by CVE-2022-43766 via org.apache.iotdb:flink-tsfile-connector (>=0.12.2 <=0.13.2)
org.apache.iotdb:flink-tsfile-connector MAVEN version =0.12.2, =0.12.2, =0.13.2 Source cves: CVE-2022-43766 Source advisory: OSV:GHSA-G6HG-4V3C-6JQ7...
org.apache.iotdb:customize-mqtt-example (>=0.13.0 <=0.13.2), org.apache.iotdb:integration (>=0.13.0 <=0.13.2) +5 more potentially affected by CVE-2022-43766 via org.apache.iotdb:iotdb-server (>=0.12.2 <=0.13.2)
org.apache.iotdb:iotdb-server MAVEN version =0.12.2, =0.13.0, =0.13.0, =0.12.2, =0.12.2, =0.12.6, =0.13.0, =0.12.2, =0.13.2 Source cves: CVE-2022-43766 Source advisory: OSV:GHSA-G6HG-4V3C-6JQ7...
Malicious Package
Overview flight-example-app is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packag...
Malicious code in example-jenkins (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a3960f0197c9f666fee1632db8f53719968870e24dbef66ebb5fcc024f017300 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in example-gke-workload-identity-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bf756302a9f2a9488535c736ec75f8361b533b587b93334a3460d149cd2bd128 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Java-Remote-Class-Loader - Tool to send Java bytecode to your victims to load and execute using Java ClassLoader together with Reflect API
This tool allows you to send Java bytecode in the form of class files to your clients or potential targets to load and execute using Java ClassLoader together with Reflect API. The client receives the class file from the server and return the respective execution output. Payloads must be written ...
ai.apiverse:apipulse (=1.0.1), com.contentgrid.spring:contentgrid-spring-boot-starter (>=0.4.2 <=0.6.1) +53 more potentially affected by CVE-2022-31679 via org.springframework.data:spring-data-rest-core (>=3.7.0 <=3.7.2)
org.springframework.data:spring-data-rest-core MAVEN version =3.7.0, =0.4.2, =0.4.2, =0.4.2, =5.12.1, =2.4.0, =2.4.0, =2.4.0, =3.0.3, =3.0.3, =3.0.3, =3.0.3, =3.0.3, =3.0.3, =3.1.0 - com.okta.spring.examples:okta-spring-boot-hosted-code-flow-example =2.1.6 and more Source cves: CVE-2022-31679...
Go-CVSS has Out-of-bounds Read vulnerability in ParseVector function
Impact When a full CVSS v2.0 vector string is parsed using ParseVector, an Out-of-Bounds Read is possible due to a lack of tests. The Go module will then panic. Patches The problem is patched in tag v0.4.0, by the commit d9d478ff0c13b8b09ace030db9262f3c2fe031f4. Workarounds The only way to avoid ...
Malicious Package
Overview pages-plugins-example is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...
Malicious code in example-yarn-package (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 49ed18b898074c0e0df3d8de17008d5edd7e275455865ce1592b1b4bcc76ccd8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-2914 Malicious code in example-yarn-package (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 49ed18b898074c0e0df3d8de17008d5edd7e275455865ce1592b1b4bcc76ccd8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...