12 matches found
Malicious Package
Overview: @cloudplatform-single-spa/virtual-ip is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization a...
Malicious Package
Overview: @cloudplatform-single-spa/svp-vm-migration is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...
Malicious Package
Overview: @cloudplatform-single-spa/paas-kafka is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization a...
Malicious Package
Overview: @cloudplatform-single-spa/ml-inference-docker-run is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...
Malicious Package
Overview: @fb-deposit/form-deposit-auth is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious Package
Overview: @cloudplatform-single-spa/dataplatform-bi is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...
Malicious Package
Overview: @cloudplatform-single-spa/vpc-endpoint is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...
Malicious Package
Overview: @cloudplatform-single-spa/iam is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Rootstock Labs: Crafted smart contract can take 8 minutes to execute due to bug in modexp precompile.
A bug in the modexp precompile of an Ethereum-based blockchain can cause long stalls in the execution of crafted smart contracts. The issue was reported and could have potentially stalled the network...
In parties with more than one host, a single host can bypass the execution delay of a proposal by transferring his host status to other addresses of his.
Lines of code. Vulnerability details. The Vulnerability: After a proposal has gathered enough votes to pass, it waits through a period defined in the governance values named executionDelay. That executionDelay period is bypassed and the proposal can be executed immediately if ALL hosts of the party...
Stale preciousListHash state variable permanently prevents a party from executing non-unanimous arbitrary call proposals and poses a high security risk.
Lines of code. Vulnerability details. Overview of the execute function in PartyGovernance: Before diving into the details of the vulnerability, I need to explain how the execute function works in the PartyGovernance.sol contract. The execute is the function responsible for executing a proposal after...
openSUSE Security Update : git (openSUSE-2021-405)
This update for git fixes the following issues: - On case-insensitive filesystems, with support for symbolic links, if Git is configured globally to apply delay-capable clean/smudge filters such as Git LFS, Git could be fooled into running remote code during a clone. bsc1183026, CVE-2021-21300...