Oracle timeout at rebalance will result in a sell-off of all RSRs at 0 price

Lines of code Vulnerability details When creating the trade for rebalance, the RecollateralizationLibP1.nextTradePair uses uint192 low, uint192 high = rsrAsset.price; // UoA/tok to get the rsr sell price. And the rsr assert is a pure Assert contract, which price function will just return 0, FIXMA...

SUSE CVE-2008-3546

Stack-based buffer overflow in the 1 diffaddremove and 2 diffchange functions in GIT before 1.5.6.4 might allow local users to execute arbitrary code via a PATH whose length is larger than the system's PATHMAX when running GIT utilities such as git-diff or git-grep...

GHSA-M744-2JJ8-VPFV Command injection in git-parse

The "gitDiff" function in Wayfair git-parse =1.0.4 has a command injection vulnerability. Clients of the git-parse library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability...

Homebrew: Broken parsing of Git diff allows an attacker to inject arbitrary Ruby scripts to Casks on official taps

Description Due to improper parsing of Git diff in Homebrew/actions/review-cask-pr, it's possible to confuse parser to ignore additional lines. Which leads injection of malicious Ruby scripts. Root cause review-cask-pr uses the git diff file to check if the pull request is "simple" enough to...

OS command injection in git-diff-apply

In "index.js" file line 240, the run command executes the git command with a user controlled variable called remoteUrl. This affects git-diff-apply all versions prior to 0.22.2...

GHSA-84CM-V6JP-GJMR OS command injection in git-diff-apply

In "index.js" file line 240, the run command executes the git command with a user controlled variable called remoteUrl. This affects git-diff-apply all versions prior to 0.22.2...

git-diff-apply OS Command Injection Vulnerability

git-diff-apply is a package for getting git diff files and applying them to local branches. An operating system command injection vulnerability exists in the index.js file in versions of git-diff-apply prior to 0.22.2. The vulnerability stems from a network system or product not properly filterin...

OS Command Injection

git-diff-apply is vulnerable to OS command injection. Lack of validation and sanitization of the remoteUrl parameter allows an attacker to inject arbitrary OS command via the affected parameter that is subsequently used in utils.run as a git command...

CVE-2019-10776

In "index.js" file line 240, the run command executes the git command with a user controlled variable called remoteUrl. This affects git-diff-apply all versions prior to 0.22.2...

CVE-2019-10776

CVE-2019-10776 affects the package git-diff-apply prior to v0.22.2. The vulnerability stems from unvalidated input in index.js where a run() command is constructed from a user-controlled remoteUrl, enabling OS command injection. Impact could include remote code execution if untrusted input is sup...

CVE-2019-10776

In "index.js" file line 240, the run command executes the git command with a user controlled variable called remoteUrl. This affects git-diff-apply all versions prior to 0.22.2...

@gulpjs/update-template (>=0.1.0 <=0.2.1), @lblod/ember-rdfa-editor-stemming-module-plugin (>=0.1.0 <=0.1.3) +11 more potentially affected by CVE-2019-10776 via git-diff-apply (>=0.0.5 <=0.22.10)

git-diff-apply NPM version =0.0.5, =0.1.0, =0.1.0, =0.8.0, =0.1.9, =0.0.1, =0.9.0, =0.2.2, =0.14.0, =3.0.0 Source cves: CVE-2019-10776 Source advisory: SNYK:JS-GITDIFFAPPLY-540774...

Command Injection

Overview git-diff-apply is a package that can be used to reach an unrelated remote repository to apply a git diff. Affected versions of this package are vulnerable to Command Injection. In "index.js" file, line 240, the run command executes the git command with an user controlled variable called...