112 matches found
CVE-2023-50762
When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user. This is because the text was interpreted as a MIME message and the first paragraph was always treated as an email header section. A digitally signed text from a...
yiisoft/yii deserializing untrusted user input can lead to remote code execution
Impact Affected versions of yiisoft/yii are vulnerable to Remote Code Execution (RCE) if the application calls unserialize on arbitrary user input. Patches Upgrade yiisoft/yii to version 1.1.29 or higher. For more information See the following links for more details: - Git commit -...
NULL Pointer Dereference in function gf_filter_pck_new_alloc_internal
Description NULL Pointer Dereference in function gf_filter_pck_new_alloc_internal at filter_core/filter_pck.c:108. Version git log commit 5692dc729491805e0e5f55c21d50ba1e6b19e88e HEAD - master, origin/master, origin/HEAD Author: Aurelien David Date: Wed Oct 11 13:24:46 2023 +0200 ac3dmx: add remain size...
Mozilla: Mozilla Employee's Token for sql.telemetry.mozilla.org Exposed in Git Commit
A Mozilla employee's API token was exposed in a GitHub repository, granting access to confidential data. The token was rotated and removed from the service...
FreeBSD-SA-23:08.ssh
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-23:08.ssh Security Advisory The FreeBSD Project Topic: Potential remote code execution via ssh-agent forwarding Category: contrib Module: OpenSSH Announced:...
@saithodev/ts-appversion (>=1.3.0 <=2.1.2), ng-appversion (=1.3.0) +1 more potentially affected by CVE-2023-26134 via git-commit-info (=1.1.0)
git-commit-info NPM version =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on git-commit-info and may be impacted: - @saithodev/ts-appversion =1.3.0, =1.0.0, =2.0.3 Source cves: CVE-2023-26134 Source advisory: OSV:GHSA-H42J-MRMP-9369...
GHSA-H42J-MRMP-9369 git-commit-info vulnerable to Command Injection
Versions of the package git-commit-info before 2.0.2 are vulnerable to Command Injection such that the package-exported method gitCommitInfo fails to sanitize its parameter commit, which later flows into a sensitive command execution API. As a result, attackers may inject arguments to the git...
git-commit-info vulnerable to Command Injection
Versions of the package git-commit-info before 2.0.2 are vulnerable to Command Injection such that the package-exported method gitCommitInfo fails to sanitize its parameter commit, which later flows into a sensitive command execution API. As a result, attackers may inject arguments to the git...
CVE-2023-26134
Versions of the package git-commit-info before 2.0.2 are vulnerable to Command Injection such that the package-exported method gitCommitInfo fails to sanitize its parameter commit, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once...
Command injection
Versions of the package git-commit-info before 2.0.2 are vulnerable to Command Injection such that the package-exported method gitCommitInfo fails to sanitize its parameter commit, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once...
CVE-2023-26134
CVE-2023-26134 affects the npm package git-commit-info prior to version 2.0.2. The vulnerability is a Command Injection in the exported gitCommitInfo() function where the commit parameter is not properly sanitized, allowing untrusted input to flow into a sensitive command execution API. Exploitat...
git-commit-info Command Injection Vulnerability
git-commit-info is a library by the individual developer Jan Peer Stöcklmair that gets all the information about a specific commit. A security vulnerability exists in git-commit-info versions prior to 2.0.2, which stems from the presence of a command injection vulnerability...
PT-2023-20513 · Unknown · Git-Commit-Info
Name of the Vulnerable Software and Affected Versions: git-commit-info versions prior to 2.0.2 Description: The issue arises from the gitCommitInfo method failing to sanitize its commit parameter, which later flows into a sensitive command execution API. This allows attackers to inject malicious...
Command Injection
Overview git-commit-info is a package to get the info of a specific commit hash. Affected versions of this package are vulnerable to Command Injection such that the package-exported method gitCommitInfo fails to sanitize its parameter commit, which later flows into a sensitive command execution API. As a...
Mozilla: Mozilla FuzzManager API Token Exposed in Git Commit
An API token for a Mozilla fuzzing service was exposed in a GitHub repository commit. The token provided read-write access to internal fuzzing data. The token was rotated and configured for write-only access...
Python 3.12.0 Pre-Releases Multiple UAF Vulnerabilities - Windows
Python is prone to multiple use-after-free (UAF) vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python";...
CVE-2023-1428
There exists a vulnerability causing an abort to be called in gRPC. The following headers cause gRPC's C++ implementation to abort when called via http2: te: x (x != trailers); :scheme: x (x != http, https); grpclbclientstats: x (x == anything). On top of sending one of those headers, a later header must...
CVE-2023-1428 Denial-of-Service in gRPC
There exists a vulnerability causing an abort to be called in gRPC. The following headers cause gRPC's C++ implementation to abort when called via http2: te: x (x != trailers); :scheme: x (x != http, https); grpclbclientstats: x (x == anything). On top of sending one of those headers, a later header must...