2 matches found
Remote Code Execution (RCE)
craftcms/cms is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper sanitization of user-supplied configuration data in the assembleLayoutFromPost function before passing it to Craft::createObject, which allows an authenticated administrator to inject malicious Yii2...
CVE-2023-32076
in-toto is a framework to protect supply chain integrity. The in-toto configuration is read from various directories and allows users to configure the behavior of the framework. The files are from directories following the XDG base directory specification. In versions 1.4.0 and prior, among the...