38 matches found
CVE-2025-49521
CVE-2025-49521 affects the EDA component of Red Hat Ansible Automation Platform. The issue is template injection via user-provided Git branch or refspec values, allowing authenticated users to inject expressions that execute commands or read sensitive files on the EDA worker; in OpenShift this ca...
USN-7603-1 composer vulnerabilities
Thomas Chauchefoin discovered that Composer did not correctly handle certain arguments. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. CVE-2022-24828, CVE-2023-43655 Ed Cradoc...
CVE-2018-25083
The pullit package before 1.4.0 for Node.js allows OS Command Injection because eval is used on an attacker-supplied Git branch name...
Composer has a command injection via malicious git branch name
Impact The status, reinstall and remove commands with packages installed from source via git containing specially crafted branch names in the repository can be used to execute code. Patches 2.2.24 for 2.2 LTS or 2.7.7 for mainline Workarounds Avoid installing dependencies via git by using...
GHSA-2W9P-XF5H-QWJ3 Duplicate Advisory: pullit Command Injection vulnerability
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-8px5-63x9-5c7p. This link is maintained to preserve external references. Original Description The pullit package before 1.4.0 for Node.js allows OS Command Injection because eval is used on an attacker-supplied...
CVE-2018-25083
The pullit package before 1.4.0 for Node.js allows OS Command Injection because eval is used on an attacker-supplied Git branch name...
CVE-2018-25083
The pullit package before 1.4.0 for Node.js allows OS Command Injection because eval is used on an attacker-supplied Git branch name...
CVE-2018-25083
The pullit package before 1.4.0 for Node.js allows OS Command Injection because eval is used on an attacker-supplied Git branch name...
Jenkins Tuleap Git Branch Source Plugin allows unauthenticated attackers to trigger Tuleap projects whose configured repo matches attacker-specified value
A missing permission check in Jenkins Tuleap Git Branch Source Plugin 3.2.4 and earlier allows unauthenticated attackers to trigger Tuleap projects whose configured repository matches the attacker-specified value. Tuleap Git Branch Source Plugin 3.2.5 requires a token to access the webhook endpoi...
CVE-2022-43421
A missing permission check in Jenkins Tuleap Git Branch Source Plugin 3.2.4 and earlier allows unauthenticated attackers to trigger Tuleap projects whose configured repository matches the attacker-specified value...
CVE-2022-43421
CVE-2022-43421 : In Jenkins, the Tuleap Git Branch Source Plugin (versions 3.2.4 and earlier) contains a missing permission check in the mechanism that triggers Tuleap projects. This allows unauthenticated attackers to trigger projects whose configured repository matches an attacker-specified val...
CVE-2022-43421
A missing permission check in Jenkins Tuleap Git Branch Source Plugin 3.2.4 and earlier allows unauthenticated attackers to trigger Tuleap projects whose configured repository matches the attacker-specified value...
PT-2022-6109 · Jenkins · Jenkins Tuleap Git Branch Source Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Tuleap Git Branch Source Plugin versions 3.2.4 and earlier Description: The issue is related to a missing permission check in the Jenkins Tuleap Git Branch Source Plugin, allowing unauthenticated attackers to trigger Tuleap projects...
Jenkins Tuleap Git Branch Source Plugin 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
Debian: Security Advisory (DSA-5078-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GHSA-8PX5-63X9-5C7P pullit vulnerable to command injection
Versions of pullit prior to 1.4.0 are vulnerable to Command Injection. The package does not validate input on git branch names and concatenates it to an exec call, allowing attackers to run arbitrary commands in the system. Recommendation Upgrade to version 1.4.0 or later. Credits This...
PT-2020-8914 · Pullit · Pullit
Name of the Vulnerable Software and Affected Versions: pullit versions prior to 1.4.0 Description: The issue allows OS Command Injection because eval is used on an attacker-supplied Git branch name. The package does not validate input on git branch names and concatenates it to an exec call,...
Command Injection
Overview Versions of pullit prior to 1.4.0 are vulnerable to Command Injection. The package does not validate input on git branch names and concatenates it to an exec call, allowing attackers to run arbitrary commands in the system. Recommendation Upgrade to version 1.4.0 or later. References -...