6 matches found
PYSEC-2026-986 Type confusion leading to `CHECK`-failure based denial of service in TensorFlow
Impact The macros that TensorFlow uses for writing assertions e.g., CHECKLT, CHECKGT, etc. have an incorrect logic when comparing sizet and int values. Due to type conversion rules, several of the macros would trigger incorrectly. Patches We have patched the issue in GitHub commit...
Malicious code in @service-suppliers/suppliers (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a79ca8ef6257be2fbac9c361b969d9e63ce6a833e42dafa4b558e1f805276502 On npm install, scripts/postinstall.js performs two attacker-benefit actions against the installer. First, it scrapes installer-side credentials: it...
MAL-2026-4435 Malicious code in @service-suppliers/fetch_suppliers_action_saga (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8a3ebab0ad45763f2a27f43a1f97a820409b215589a45b5f3928b169ffc062bb The postinstall script scripts/postinstall.js performs three independent installer-harm actions on npm install. 1 It enumerates process.env for...
GHSA-QPV8-G6QV-RF8P
creationtimestamp| type| source ---|---|--- 2025-05-13 15:55:04+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114501334070497265...
Escape or filter script tags in "all activity" panel
We've got an external report about a third party plugin: quote From: Vincent Ollivier Date: 29 July 2014 13:12 Subject: JIRA 6.2.5 / JEditor XSS Vulnerability To: [email protected] Hi, Sorry for the email, I couldn't find the correct project to report this security issue. There's an XSS in...
Implement clickjacking protection on https://answers.atlassian.com/
We received an external security report from Monendra Sahu that https://answers.atlassian.com/ is vulnerable to clickjacking|http://en.wikipedia.org/wiki/Clickjacking. This can be fixed by sending a X-Frame-Options header with a value of SAMEORIGIN. This will prevent answers from being displayed ...