145 matches found
CVE-2024-37759
DataGear v5.0.0 and earlier was discovered to contain a SpEL Spring Expression Language expression injection vulnerability via the Data Viewing interface...
CVE-2024-37759
DataGear v5.0.0 and earlier was discovered to contain a SpEL Spring Expression Language expression injection vulnerability via the Data Viewing interface...
VulnNodeApp - A Vulnerable Node.Js Application
A vulnerable application made using node.js, express server and ejs template engine. This application is meant for educational purposes only. Setup Clone this repository git clone https://github.com/4auvar/VulnNodeApp.git Application setup: Install the latest node.js version with npm. Open...
Exploit for Injection in Datagear
CVE-2024-37759 PoC Description DataGear version 5.0.0 and...
Security Bulletin: Vulnerability in Spring Data MongoDB might affect IBM Storage Copy Data Management. [CVE-2022-22980]
Summary IBM Storage Copy Data Management can be affected by a vulnerability in Spring Data MongoDB. A remote attacker could exploit this vulnerability to execute arbitrary code on the system as described by the CVEs in the "Vulnerability Details" section. Vulnerability Details CVEID:CVE-2022-2298...
CVE-2024-28848
CVE-2024-28848 is a SpEL injection vulnerability in OpenMetadata's GET /api/v1/policies/validation/condition/. The CompiledRule.validateExpression flow evaluates user-supplied SpEL against Java types (e.g., Runtime), enabling remote code execution. The issue is exploitable by authenticated non-ad...
CVE-2024-28255 Authentication Bypass in OpenMetadata
OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The JwtFilter handles the API authentication by requiring and verifying JWT tokens. When a new request comes in, the request...
CVE-2024-21623
OTCLient is an alternative tibia client for otserv. Prior to commit db560de0b56476c87a2f967466407939196dd254, the /mehah/otclient "Analysis - SonarCloud" workflow is vulnerable to an expression injection in Actions, allowing an attacker to run commands remotely on the runner, leak secrets, and...
CVE-2024-21623 Arbitrary Expression Injection in github workflow leads to Command execution & leaking secrets
OTCLient is an alternative tibia client for otserv. Prior to commit db560de0b56476c87a2f967466407939196dd254, the /mehah/otclient "Analysis - SonarCloud" workflow is vulnerable to an expression injection in Actions, allowing an attacker to run commands remotely on the runner, leak secrets, and...
CVE-2024-21623 Arbitrary Expression Injection in github workflow leads to Command execution & leaking secrets
OTCLient is an alternative tibia client for otserv. Prior to commit db560de0b56476c87a2f967466407939196dd254, the /mehah/otclient "Analysis - SonarCloud" workflow is vulnerable to an expression injection in Actions, allowing an attacker to run commands remotely on the runner, leak secrets, and...
CVE-2024-21623
OTCLient (the Tibia OT server client) is affected by an expression injection in the GitHub Actions workflow for /mehah/otclient, specifically the Analyses - SonarCloud workflow. The vulnerability enables remote command execution, secret leakage, and repository alteration on the vulnerable runner....
CVE-2024-21623 Arbitrary Expression Injection in github workflow leads to Command execution & leaking secrets
OTCLient is an alternative tibia client for otserv. Prior to commit db560de0b56476c87a2f967466407939196dd254, the /mehah/otclient "Analysis - SonarCloud" workflow is vulnerable to an expression injection in Actions, allowing an attacker to run commands remotely on the runner, leak secrets, and...
PT-2024-18975
Name of the Vulnerable Software and Affected Versions OTCLient versions prior to commit db560de0b56476c87a2f967466407939196dd254 Description The issue concerns an expression injection vulnerability in the /mehah/otclient "Analysis - SonarCloud" workflow, allowing an attacker to run commands...
CVE-2023-51387 Expression Injection Vulnerability in Hertzbeat
Hertzbeat is an open source, real-time monitoring system. Hertzbeat uses aviatorscript to evaluate alert expressions. The alert expressions are supposed to be some simple expressions. However, due to improper sanitization for alert expressions in version prior to 1.4.1, a malicious user can use a...
VulnCheck KEV: CVE-2021-21479
In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compromising the availability and integrity of the system...
Actions expression injection in `filter-test-configs` (`GHSL-2023-181`)
The pytorch/pytorch filter-test-configs workflow is vulnerable to an expression injection in Actions, allowing an attacker to potentially leak secrets and alter the repository using the workflow. Details The filter-test-configs workflow is using the raw github.event.workflowrun.headbranch value...
GHSA-HW6R-G8GJ-2987 Actions expression injection in `filter-test-configs` (`GHSL-2023-181`)
The pytorch/pytorch filter-test-configs workflow is vulnerable to an expression injection in Actions, allowing an attacker to potentially leak secrets and alter the repository using the workflow. Details The filter-test-configs workflow is using the raw github.event.workflowrun.headbranch value...
PT-2023-33030 · Facebook · Pytorch
Name of the Vulnerable Software and Affected Versions: pytorch/pytorch affected versions not specified Description: The filter-test-configs workflow in pytorch/pytorch is vulnerable to an expression injection in Actions. This allows an attacker to potentially leak secrets and alter the repository...
Apache Ambari 安全漏洞
Apache Ambari is an application from the Apache USA Foundation. It provides software developed to configure, manage and monitor Apache Hadoop clusters to simplify Hadoop management. A security vulnerability exists in Apache Ambari versions 2.7.0 through 2.7.6, which originates from a SpringEL...
CVE-2023-28430 OneSignal repository github action command injection
OneSignal is an email, sms, push notification, and in-app message service for mobile apps.The Zapier.yml workflow is triggered on issues types: closed i.e., when an Issue is closed. The workflow starts with full write-permissions GitHub repository token since the default workflow permissions on...