CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4 matches found

Vulnrichment•added 2026/04/23 11:58 p.m.•1 views

CVE-2026-29050 melange has Path Traversal When Resolving External Pipelines via Unvalidated pipeline[].uses

melange allows users to build apk packages using declarative pipelines. Starting in version 0.32.0 and prior to version 0.43.4, an attacker who can influence a melange configuration file — for example through pull-request-driven CI or build-as-a-service scenarios — could set pipeline.uses to a...

6.1CVSS5.5AI score0.00015EPSS

Exploits0References1

EUVD•added 2026/04/23 9:53 p.m.•5 views

EUVD-2026-25355

melange has Path Traversal When Resolving External Pipelines via Unvalidated pipeline.uses...

6.1CVSS5.7AI score0.00015EPSS

Exploits0References2

Github Security Blog•added 2026/04/23 9:53 p.m.•10 views

melange has Path Traversal When Resolving External Pipelines via Unvalidated pipeline[].uses

Impact An attacker who can influence a melange configuration file — for example through pull-request-driven CI or build-as-a-service scenarios — could set pipeline.uses to a value containing ../ sequences or an absolute path. The Compiled.compilePipeline function in pkg/build/compile.go passed us...

6.1CVSS5.9AI score0.00015EPSS

Exploits0References4Affected Software1

GitLab Advisory Database•added 2026/04/23 12:0 a.m.•7 views

melange has Path Traversal When Resolving External Pipelines via Unvalidated pipeline[].uses

An attacker who can influence a melange configuration file — for example through pull-request-driven CI or build-as-a-service scenarios — could set pipeline.uses to a value containing ../ sequences or an absolute path. The Compiled.compilePipeline function in pkg/build/compile.go passed uses...

6.1CVSS5.9AI score0.00015EPSS

Exploits0References4Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by