11 matches found
EUVD-2022-7643
Malicious code in bioql PyPI...
CVE-2022-39304
A flaw was found in ghinstallation. When a request to refresh an installation token fails, the HTTP request and response are returned for debugging. The returned request contains the short-lived 10-min maximum bearer JWT for the app and is returned back to clients...
Hardcoded credentials
ghinstallation provides transport, which implements http.RoundTripper to provide authentication as an installation for GitHub Apps. In ghinstallation version 1, when the request to refresh an installation token failed, the HTTP request and response would be returned for debugging. The request...
CVE-2022-39304 ghinstallation returns app JWT in error responses
ghinstallation provides transport, which implements http.RoundTripper to provide authentication as an installation for GitHub Apps. In ghinstallation version 1, when the request to refresh an installation token failed, the HTTP request and response would be returned for debugging. The request...
CVE-2022-39304 ghinstallation returns app JWT in error responses
ghinstallation provides transport, which implements http.RoundTripper to provide authentication as an installation for GitHub Apps. In ghinstallation version 1, when the request to refresh an installation token failed, the HTTP request and response would be returned for debugging. The request...
CVE-2022-39304 ghinstallation returns app JWT in error responses
ghinstallation provides transport, which implements http.RoundTripper to provide authentication as an installation for GitHub Apps. In ghinstallation version 1, when the request to refresh an installation token failed, the HTTP request and response would be returned for debugging. The request...
CVE-2022-39304
CVE-2022-39304 concerns ghinstallation, which provides a transport for GitHub Apps authentication. In ghinstallation version 1, if refreshing an installation token failed, the HTTP request and response were returned for debugging, revealing the App’s bearer JWT (short-lived, up to 10 minutes) to ...
ghinstallation security vulnerability
ghinstallation is a library for Bradley Falzon Personal Developers. Authentication is performed as an installation workflow. A security vulnerability exists in ghinstallation versions prior to 2.0.0, which stems from a short-lived token that returns an HTTP request and response for debugging when...
GHSA-H4Q8-96P6-JCGR ghinstallation returns app JWT in error responses
Impact: In ghinstallation v1, when the request to refresh an installation token failed, the HTTP request and response would be returned for debugging. https://github.com/bradleyfalzon/ghinstallation/blob/24e56b3fb7669f209134a01eff731d7e2ef72a5c/transport.go#L172-L174 The request contained the beare...
ghinstallation returns app JWT in error responses
Impact: In ghinstallation v1, when the request to refresh an installation token failed, the HTTP request and response would be returned for debugging. https://github.com/bradleyfalzon/ghinstallation/blob/24e56b3fb7669f209134a01eff731d7e2ef72a5c/transport.go#L172-L174 The request contained the beare...
PT-2022-24887 · Unknown · Ghinstallation
Name of the Vulnerable Software and Affected Versions: ghinstallation versions 1 through 1. ghinstallation version 2.0.0 is not affected as it contains the fix for the issue. Description: The issue concerns ghinstallation, which provides transport implementing http.RoundTripper for authentication ...