Lucene search
K

38 matches found

CVE
CVE
added 2025/06/30 8:45 p.m.56 views

CVE-2025-49521

CVE-2025-49521 affects the EDA component of Red Hat Ansible Automation Platform. The issue is template injection via user-provided Git branch or refspec values, allowing authenticated users to inject expressions that execute commands or read sensitive files on the EDA worker; in OpenShift this ca...

8.8CVSS6.4AI score0.00465EPSS
Exploits0References3
OSV
OSV
added 2025/06/30 4:29 a.m.7 views

USN-7603-1 composer vulnerabilities

Thomas Chauchefoin discovered that Composer did not correctly handle certain arguments. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. CVE-2022-24828, CVE-2023-43655 Ed Cradoc...

8.8CVSS7.1AI score0.03282EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/05/22 3:35 a.m.4 views

CVE-2018-25083

The pullit package before 1.4.0 for Node.js allows OS Command Injection because eval is used on an attacker-supplied Git branch name...

9.8CVSS7.3AI score0.02693EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2024/06/10 9:36 p.m.39 views

Composer has a command injection via malicious git branch name

Impact The status, reinstall and remove commands with packages installed from source via git containing specially crafted branch names in the repository can be used to execute code. Patches 2.2.24 for 2.2 LTS or 2.7.7 for mainline Workarounds Avoid installing dependencies via git by using...

8.8CVSS8.7AI score0.0105EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2023/03/27 3:30 a.m.17 views

GHSA-2W9P-XF5H-QWJ3 Duplicate Advisory: pullit Command Injection vulnerability

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-8px5-63x9-5c7p. This link is maintained to preserve external references. Original Description The pullit package before 1.4.0 for Node.js allows OS Command Injection because eval is used on an attacker-supplied...

9.8CVSS9.7AI score0.02693EPSS
Exploits1References4
NVD
NVD
added 2023/03/27 3:15 a.m.28 views

CVE-2018-25083

The pullit package before 1.4.0 for Node.js allows OS Command Injection because eval is used on an attacker-supplied Git branch name...

9.8CVSS9.8AI score0.02693EPSS
Exploits1References2
OSV
OSV
added 2023/03/27 3:15 a.m.12 views

CVE-2018-25083

The pullit package before 1.4.0 for Node.js allows OS Command Injection because eval is used on an attacker-supplied Git branch name...

9.8CVSS10AI score
Exploits0References2
Cvelist
Cvelist
added 2023/03/27 12:0 a.m.36 views

CVE-2018-25083

The pullit package before 1.4.0 for Node.js allows OS Command Injection because eval is used on an attacker-supplied Git branch name...

9.8AI score0.02693EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2022/10/19 7:0 p.m.31 views

Jenkins Tuleap Git Branch Source Plugin allows unauthenticated attackers to trigger Tuleap projects whose configured repo matches attacker-specified value

A missing permission check in Jenkins Tuleap Git Branch Source Plugin 3.2.4 and earlier allows unauthenticated attackers to trigger Tuleap projects whose configured repository matches the attacker-specified value. Tuleap Git Branch Source Plugin 3.2.5 requires a token to access the webhook endpoi...

5.3CVSS5.8AI score0.00665EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/10/19 4:15 p.m.20 views

CVE-2022-43421

A missing permission check in Jenkins Tuleap Git Branch Source Plugin 3.2.4 and earlier allows unauthenticated attackers to trigger Tuleap projects whose configured repository matches the attacker-specified value...

5.3CVSS5.3AI score
Exploits0References2
CVE
CVE
added 2022/10/19 12:0 a.m.84 views

CVE-2022-43421

CVE-2022-43421 : In Jenkins, the Tuleap Git Branch Source Plugin (versions 3.2.4 and earlier) contains a missing permission check in the mechanism that triggers Tuleap projects. This allows unauthenticated attackers to trigger projects whose configured repository matches an attacker-specified val...

5.3CVSS5.2AI score0.00665EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/10/19 12:0 a.m.29 views

CVE-2022-43421

A missing permission check in Jenkins Tuleap Git Branch Source Plugin 3.2.4 and earlier allows unauthenticated attackers to trigger Tuleap projects whose configured repository matches the attacker-specified value...

5.5AI score0.00665EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/10/19 12:0 a.m.8 views

PT-2022-6109 · Jenkins · Jenkins Tuleap Git Branch Source Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Tuleap Git Branch Source Plugin versions 3.2.4 and earlier Description: The issue is related to a missing permission check in the Jenkins Tuleap Git Branch Source Plugin, allowing unauthenticated attackers to trigger Tuleap projects...

5.3CVSS5.2AI score0.00665EPSS
Exploits0References7
CNNVD
CNNVD
added 2022/10/19 12:0 a.m.16 views

Jenkins Tuleap Git Branch Source Plugin 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

5.3CVSS5.8AI score0.00665EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2022/02/17 12:0 a.m.16 views

Debian: Security Advisory (DSA-5078-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.8AI score0.0198EPSS
Exploits0References4
OSV
OSV
added 2020/09/03 4:47 p.m.13 views

GHSA-8PX5-63X9-5C7P pullit vulnerable to command injection

Versions of pullit prior to 1.4.0 are vulnerable to Command Injection. The package does not validate input on git branch names and concatenates it to an exec call, allowing attackers to run arbitrary commands in the system. Recommendation Upgrade to version 1.4.0 or later. Credits This...

9.8CVSS9.7AI score0.02693EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2020/09/03 12:0 a.m.4 views

PT-2020-8914 · Pullit · Pullit

Name of the Vulnerable Software and Affected Versions: pullit versions prior to 1.4.0 Description: The issue allows OS Command Injection because eval is used on an attacker-supplied Git branch name. The package does not validate input on git branch names and concatenates it to an exec call,...

9.8CVSS7.9AI score0.02693EPSS
Exploits1References12
Node.js
Node.js
added 2019/06/19 3:46 p.m.20 views

Command Injection

Overview Versions of pullit prior to 1.4.0 are vulnerable to Command Injection. The package does not validate input on git branch names and concatenates it to an exec call, allowing attackers to run arbitrary commands in the system. Recommendation Upgrade to version 1.4.0 or later. References -...

7.2AI score
Exploits0Affected Software1
Rows per page
Query Builder