109 matches found
Mozilla: Mozilla Employee's Token for sql.telemetry.mozilla.org Exposed in Git Commit
A Mozilla employee's API token was exposed in a GitHub repository, granting access to confidential data. The token was rotated and removed from the service...
FreeBSD-SA-23:08.ssh
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-23:08.ssh Security Advisory The FreeBSD Project Topic: Potential remote code execution via ssh-agent forwarding Category: contrib Module: OpenSSH Announced:...
@saithodev/ts-appversion (>=1.3.0 <=2.1.2), ng-appversion (=1.3.0) +1 more potentially affected by CVE-2023-26134 via git-commit-info (=1.1.0)
git-commit-info NPM version =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on git-commit-info and may be impacted: - @saithodev/ts-appversion =1.3.0, =1.0.0, =2.0.3 Source cves: CVE-2023-26134 Source advisory: OSV:GHSA-H42J-MRMP-9369...
GHSA-H42J-MRMP-9369 git-commit-info vulnerable to Command Injection
Versions of the package git-commit-info before 2.0.2 are vulnerable to Command Injection such that the package-exported method gitCommitInfo fails to sanitize its parameter commit, which later flows into a sensitive command execution API. As a result, attackers may inject arguments to the git...
git-commit-info vulnerable to Command Injection
Versions of the package git-commit-info before 2.0.2 are vulnerable to Command Injection such that the package-exported method gitCommitInfo fails to sanitize its parameter commit, which later flows into a sensitive command execution API. As a result, attackers may inject arguments to the git...
CVE-2023-26134
Versions of the package git-commit-info before 2.0.2 are vulnerable to Command Injection such that the package-exported method gitCommitInfo fails to sanitize its parameter commit, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once...
CVE-2023-26134
Versions of the package git-commit-info before 2.0.2 are vulnerable to Command Injection such that the package-exported method gitCommitInfo fails to sanitize its parameter commit, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once...
Command injection
Versions of the package git-commit-info before 2.0.2 are vulnerable to Command Injection such that the package-exported method gitCommitInfo fails to sanitize its parameter commit, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once...
CVE-2023-26134
Versions of the package git-commit-info before 2.0.2 are vulnerable to Command Injection such that the package-exported method gitCommitInfo fails to sanitize its parameter commit, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once...
CVE-2023-26134
CVE-2023-26134 affects the npm package git-commit-info prior to version 2.0.2. The vulnerability is a Command Injection in the exported gitCommitInfo() function where the commit parameter is not properly sanitized, allowing untrusted input to flow into a sensitive command execution API. Exploitat...
git-commit-info 命令注入漏洞
git-commit-info is a library by Jan Peer Stöcklmair Personal Developer. Get all the information about a specific commit. A security vulnerability exists in git-commit-info versions prior to 2.0.2, which stems from the presence of a command injection vulnerability...
PT-2023-20513 · Unknown · Git-Commit-Info
Name of the Vulnerable Software and Affected Versions: git-commit-info versions prior to 2.0.2 Description: The issue arises from the gitCommitInfo method failing to sanitize its commit parameter, which later flows into a sensitive command execution API. This allows attackers to inject malicious...
Command Injection
Overview git-commit-info is a Get the info of an specific commit hash Affected versions of this package are vulnerable to Command Injection such that the package-exported method gitCommitInfo fails to sanitize its parameter commit, which later flows into a sensitive command execution API. As a...
Mozilla: Mozilla FuzzManager API Token Exposed in Git Commit
An API token for a Mozilla fuzzing service was exposed in a GitHub repository commit. The token provided read-write access to internal fuzzing data. The token was rotated and configured for write-only access...
Python 3.12.0 Pre-Releases Multiple UAF Vulnerabilities - Windows
Python is prone to multiple use-after-free UAF vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python";...
CVE-2023-1428
There exists an vulnerability causing an abort to be called in gRPC. The following headers cause gRPC's C++ implementation to abort when called via http2: te: x x != trailers :scheme: x x != http, https grpclbclientstats: x x == anything On top of sending one of those headers, a later header must...
CVE-2023-1428 Denial-of-Service in gRPC
There exists an vulnerability causing an abort to be called in gRPC. The following headers cause gRPC's C++ implementation to abort when called via http2: te: x x != trailers :scheme: x x != http, https grpclbclientstats: x x == anything On top of sending one of those headers, a later header must...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS when running with XLA, tf.rawops.ParallelConcat segfaults with a nullptr dereference when given a parameter shape with rank that is not greater than zero. PoC import tensorflow as tf func = tf.rawops.ParallelConcat...
FreeBSD-SA-23:02.openssh
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-23:02.openssh Security Advisory The FreeBSD Project Topic: OpenSSH pre-authentication double free Category: contrib Module: openssh Announced: 2023-02-16...
SUSE CVE-2016-8568
The gitcommitmessage function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service out-of-bounds read via a cat-file command with a crafted object file...