14 matches found
Malicious code in shopify-app-extension-template (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bf25a3a07b9adf8865f783819176d646b7c5485aeb1539422555bf596abfeaa7 The package shopify-app-extension-template was found to contain malicious code. Source: ossf-package-analysis...
EUVD-2022-2404
Malicious code in bioql PyPI...
Malicious code in custom-ui-extension-template (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dab5118124877f1b10d3a788f122b5860bb073bbb94ce2f89305ab74521ade9c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-39700 Remote Code Execution (RCE) vulnerability in jupyterlab extension template `update-integration-tests` GitHub Action
JupyterLab extension template is a copier template for JupyterLab extensions. Repositories created using this template with test option include update-integration-tests.yml workflow which has an RCE vulnerability. Extension authors hosting their code on GitHub are urged to upgrade the template to...
CVE-2024-39700 Remote Code Execution (RCE) vulnerability in jupyterlab extension template `update-integration-tests` GitHub Action
JupyterLab extension template is a copier template for JupyterLab extensions. Repositories created using this template with test option include update-integration-tests.yml workflow which has an RCE vulnerability. Extension authors hosting their code on GitHub are urged to upgrade the template to...
PT-2024-28639
Name of the Vulnerable Software and Affected Versions: JupyterLab extension template versions prior to 4.3.0 Description: The JupyterLab extension template has a remote code execution (RCE) vulnerability in the update-integration-tests.yml workflow. This issue affects repositories created using the...
Code injection
DuckDB <=0.9.2 and DuckDB extension-template <=0.9.2 are vulnerable to malicious extension injection via the custom extension feature...
PYSEC-2024-25
DuckDB <=0.9.2 and DuckDB extension-template <=0.9.2 are vulnerable to malicious extension injection via the custom extension feature...
PYSEC-2024-25
DuckDB <=0.9.2 and DuckDB extension-template <=0.9.2 are vulnerable to malicious extension injection via the custom extension feature...
PT-2024-19529 · Duckdb +1
Name of the Vulnerable Software and Affected Versions: DuckDB versions prior to 0.9.3 DuckDB extension-template versions prior to 0.9.3 Description: The issue allows for malicious extension injection through the custom extension feature. Recommendations: For DuckDB versions prior to 0.9.3, update...
CSRF vulnerability in Email Extension Template Plugin
A cross-site request forgery vulnerability exists in Jenkins Email Extension Template Plugin 1.0 and earlier in ExtEmailTemplateManagement.java that allows creating or removing templates...
GHSA-4M38-GQH8-X266 CSRF vulnerability in Email Extension Template Plugin
A cross-site request forgery vulnerability exists in Jenkins Email Extension Template Plugin 1.0 and earlier in ExtEmailTemplateManagement.java that allows creating or removing templates...
CVE-2018-1000417
A cross-site request forgery vulnerability exists in Jenkins Email Extension Template Plugin 1.0 and earlier in ExtEmailTemplateManagement.java that allows creating or removing templates...
CVE-2018-1000417
A cross-site request forgery vulnerability exists in Jenkins Email Extension Template Plugin 1.0 and earlier in ExtEmailTemplateManagement.java that allows creating or removing templates...