16 matches found
GHSA-8MMM-9V2Q-X3F9 tschaub gh-pages vulnerable to prototype pollution
Prototype pollution vulnerability in tschaub gh-pages via the partial variable in util.js...
tschaub gh-pages vulnerable to prototype pollution
Prototype pollution vulnerability in tschaub gh-pages via the partial variable in util.js...
0xgank-tea-advice-pull (=1.0.0), 0xgank-tea-balance-pencil (=1.0.0) +2198 more potentially affected by CVE-2022-37611 via gh-pages (>=0.10.0 <=4.0.0)
gh-pages NPM version =0.10.0, =4.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on gh-pages and may be impacted: - 0xgank-tea-advice-pull =1.0.0 - 0xgank-tea-balance-pencil =1.0.0 - 0xgank-tea-brick-bell =1.0.0 - 0xgank-tea-cake-victory =1.0.0 -...
CVE-2022-37611
Prototype pollution vulnerability in tschaub gh-pages 3.1.0 via the partial variable in util.js...
CVE-2022-37611
Prototype pollution vulnerability in tschaub gh-pages 3.1.0 via the partial variable in util.js...
Code injection
Prototype pollution vulnerability in tschaub gh-pages 3.1.0 via the partial variable in util.js...
gh-pages security vulnerability
gh-pages is a general-purpose task by individual developer Tim Schaub for publishing files to the gh-pages branch on GitHub. A security vulnerability exists in gh-pages version 3.1.0, which stems from prototype pollution via some variables in util.js...
PT-2022-24026 · Unknown · Tschaub Gh-Pages
Name of the Vulnerable Software and Affected Versions: tschaub gh-pages version 3.1.0 Description: The issue is related to a prototype pollution vulnerability. It is exploited via the partial variable in util.js. Recommendations: For tschaub gh-pages version 3.1.0, consider restricting access to...
CVE-2022-37611
The CVE-2022-37611 entry documents a prototype pollution vulnerability in tschaub gh-pages version 3.1.0, caused by unsafe handling of the partial variable in util.js. The root cause is lack of validation on the partial property, enabling an attacker to contaminate a JavaScript object prototype. ...
CVE-2022-37611
Prototype pollution vulnerability in tschaub gh-pages 3.1.0 via the partial variable in util.js...
CVE-2022-37611
Prototype pollution vulnerability in tschaub gh-pages 3.1.0 via the partial variable in util.js...
Malicious code in action-publish-gh-pages (npm)
Source: ghsa-malware 2a74ffd02c6f641086cd42add073f54fb155173390cde20c495999e563ff0471 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-833 Malicious code in action-publish-gh-pages (npm)
Source: ghsa-malware 2a74ffd02c6f641086cd42add073f54fb155173390cde20c495999e563ff0471 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
@3yourmind/yoco (=0.0.2-beta.3), @auto-canary/gh-pages (>=9.16.7-canary.0.b718636d.0 <=11.3.0--canary.2478.87bcf4d47797ed8cc7152538b86fd742d8d19462.0) +7 more potentially affected by CVE-2019-10803 via push-dir (=0.4.1)
push-dir NPM version =0.4.1 is affected by a known vulnerability. The following packages have a transitive dependency on push-dir and may be impacted: - @3yourmind/yoco =0.0.2-beta.3 - @auto-canary/gh-pages =9.16.7-canary.0.b718636d.0, =9.17.0, =1.0.0, =0.0.16, =0.0.37, =0.0.1, =0.1.1, =0.7.12...
@3yourmind/yoco (=0.0.2-beta.3), @auto-canary/gh-pages (>=9.16.7-canary.0.b718636d.0 <=11.3.0--canary.2478.87bcf4d47797ed8cc7152538b86fd742d8d19462.0) +7 more potentially affected by CVE-2019-10803 via push-dir (=0.4.1)
push-dir NPM version =0.4.1 is affected by a known vulnerability. The following packages have a transitive dependency on push-dir and may be impacted: - @3yourmind/yoco =0.0.2-beta.3 - @auto-canary/gh-pages =9.16.7-canary.0.b718636d.0, =9.17.0, =1.0.0, =0.0.16, =0.0.37, =0.0.1, =0.1.1, =0.7.12...
GHSA-RRJ3-QMH8-72PF grunt-gh-pages before 0.10.0 may allow unencrypted GitHub credentials to be written to a log file
Versions of grunt-gh-pages prior to 0.10.0 are affected by a vulnerability which may cause unencrypted GitHub credentials to be written to a log file in certain circumstances. In the grunt-gh-pages deployment scenario where authentication is performed by injecting a GitHub token directly into the...