Lucene search

14 matches found

Snyk
added 2026/05/11 9:0 p.m. · 5 views

Embedded Malicious Code

Overview: Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

CVSS 9.8 · AI score 6 · EPSS 0.17051
Exploits: 3 · References: 2

RedhatCVE
added 2026/01/09 9:19 a.m. · 1 view

CVE-2021-22237

Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git actions even if impersonation is disabled. This vulnerability is present in GitLab CE/EE versions before 13.12.9, 14.0.7, 14.1.2...

CVSS 6.6 · AI score 6.8 · EPSS 0.00175
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2024-22149

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 9.2 · EPSS 0.00089
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2021-9383

Malicious code in bioql PyPI...

CVSS 6.6 · AI score 5.8 · EPSS 0.00175
Exploits: 0 · References: 3

OSV
added 2024/03/06 11:19 a.m. · 16 views

BIT-GITLAB-2021-22237

Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git actions even if impersonation is disabled. This vulnerability is present in GitLab CE/EE versions before 13.12.9, 14.0.7, 14.1.2...

CVSS 6.6 · AI score 5.4 · EPSS 0.00175
Exploits: 0 · References: 3

NVD
added 2024/02/02 4:15 p.m. · 14 views

CVE-2024-24757

open-irs is an issue response robot that responds to issues in the installed repository. The .env file was accidentally uploaded when working with git actions. This problem is fixed in 1.0.1. Discontinuing all sensitive keys and turning into secrets...

CVSS 9.8 · AI score 7.9 · EPSS 0.00089
Exploits: 0 · References: 1

CVE
added 2024/02/02 3:37 p.m. · 31 views

CVE-2024-24757

CVE-2024-24757 affects the open-irs repository bot where an ".env" file was accidentally uploaded during git actions, revealing sensitive keys. This exposure is documented across multiple sources (NVD entry with CVSS v3.1 base score 9.8; Red Hat entry; PT-Security). The root cause is an accidenta...

CVSS 9.8 · AI score 9.1 · EPSS 0.00089
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2024/02/02 3:37 p.m. · 16 views

CVE-2024-24757 open-irs .env Exposure

open-irs is an issue response robot that responds to issues in the installed repository. The .env file was accidentally uploaded when working with git actions. This problem is fixed in 1.0.1. Discontinuing all sensitive keys and turning into secrets...

CVSS 7.6 · AI score 9.4 · EPSS 0.00089
Exploits: 0 · References: 1

Vulnrichment
added 2024/02/02 3:37 p.m. · 16 views

CVE-2024-24757 open-irs .env Exposure

open-irs is an issue response robot that responds to issues in the installed repository. The .env file was accidentally uploaded when working with git actions. This problem is fixed in 1.0.1. Discontinuing all sensitive keys and turning into secrets...

CVSS 7.6 · AI score 6.7 · EPSS 0.00089
Exploits: 0 · References: 1

OSV
added 2024/02/02 3:37 p.m. · 1 view

CVE-2024-24757 open-irs .env Exposure

open-irs is an issue response robot that responds to issues in the installed repository. The .env file was accidentally uploaded when working with git actions. This problem is fixed in 1.0.1. Discontinuing all sensitive keys and turning into secrets...

CVSS 7.6 · AI score 6.9 · EPSS 0.00089
Exploits: 0 · References: 3

Tenable Nessus
added 2024/01/02 12:0 a.m. · 22 views

GitLab 13.1 < 13.12.9 / 14.0 < 14.0.7 / 14.1 < 14.1.2 (CVE-2021-22237)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git actions even if impersonation is disabled. This vulnerability is present in GitLab CE/EE versions befor...

CVSS 6.6 · AI score 5.8 · EPSS 0.00175
Exploits: 0 · References: 3

Veracode
added 2023/08/06 2:34 p.m. · 23 views

Authorization Bypass

gitlab is vulnerable to Authorization Bypasses. This vulnerability occurs due to a flaw in the way that GitLab handles GraphQL mutations. An attacker can exploit this vulnerability to perform Git actions even if they are not authorized to do so...

CVSS 7.5 · AI score 6.3 · EPSS 0.00186
Exploits: 0 · References: 3 · Affected Software: 1

CVE
added 2021/08/25 6:37 p.m. · 57 views

CVE-2021-22237

CVE-2021-22237 affects GitLab CE/EE where, under specialized conditions, a user with an impersonation token could perform Git actions even if impersonation is disabled. Concrete details across connected sources indicate the vulnerability exists in GitLab versions before 13.12.9, 14.0.7, and 14.1....

CVSS 6.6 · AI score 4.9 · EPSS 0.00175
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2021/08/25 12:0 a.m. · 2 views

PT-2021-6547 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 13.12.9; GitLab CE/EE versions prior to 14.0.7; GitLab CE/EE versions prior to 14.1.2. Description: The issue is related to incorrect session management in GitLab, allowing a remote attacker to impact data integrit...

CVSS 6.8 · AI score 5.4 · EPSS 0.00175
Exploits: 0 · References: 15