Lucene search
K

45 matches found

Github Security Blog
Github Security Blog
added 2024/06/10 9:36 p.m.39 views

Composer has a command injection via malicious git branch name

Impact The status, reinstall and remove commands with packages installed from source via git containing specially crafted branch names in the repository can be used to execute code. Patches 2.2.24 for 2.2 LTS or 2.7.7 for mainline Workarounds Avoid installing dependencies via git by using...

8.8CVSS8.7AI score0.01041EPSS
Exploits0References9Affected Software1
Amazon
Amazon
added 2024/01/22 12:0 a.m.14 views

Medium: rust

Issue Overview: Cargo downloads a Rust project's dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not escape Cargo feature names when including them in the report generated by cargo build --timings. A malicious package included as a dependency may inject...

6.1CVSS7.5AI score0.00846EPSS
Exploits0
OSV
OSV
added 2023/08/24 11:15 p.m.2 views

DEBIAN-CVE-2023-40030

Cargo downloads a Rust project’s dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not escape Cargo feature names when including them in the report generated by cargo build --timings. A malicious package included as a dependency may inject nearly arbitrar...

6.1CVSS7.1AI score0.00846EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2023/07/01 5:8 p.m.243 views

Exploit for Deserialization of Untrusted Data in Spip

Installation et Exécution du script 💻 Prérequis Avant de...

9.8CVSS9.6AI score0.99637EPSS
Exploits23
SUSE CVE
SUSE CVE
added 2023/02/15 3:36 a.m.2 views

SUSE CVE-2021-43809

Bundler is a package for managing application dependencies in Ruby. In bundler versions before 2.2.33, when working with untrusted and apparently harmless Gemfile's, it is not expected that they lead to execution of external code, unless that's explicit in the ruby code inside the Gemfile itself...

7.3CVSS6.8AI score0.02796EPSS
Exploits1References6
Rows per page
Query Builder