1351 matches found

OSV · added 2024/08/09 7:22 p.m. · 9 views

GHSA-4HQ2-RPGC-R8R7 Withdrawn Advisory: Litestar has an environment Variable injection in `docs-preview.yml` workflow

Withdrawn Advisory: This advisory has been withdrawn because the confidentiality, integrity, and availability impacts of the vulnerability affect Litestar's CI/CD environment rather than the litestar package. While the information in the advisory is still valid, users of the litestar package are n...

CVSS 8.3 · AI score 8.5 · EPSS 0.00985
Exploits 0 · References 6
Cvelist · added 2024/07/16 5:37 p.m. · 23 views

CVE-2024-39700 Remote Code Execution (RCE) vulnerability in jupyterlab extension template `update-integration-tests` GitHub Action

JupyterLab extension template is a copier template for JupyterLab extensions. Repositories created using this template with test option include update-integration-tests.yml workflow which has an RCE vulnerability. Extension authors hosting their code on GitHub are urged to upgrade the template to...

CVSS 9.9 · EPSS 0.03919
Exploits 3 · References 2
OSV · added 2024/07/16 5:37 p.m. · 17 views

CVE-2024-39700 Remote Code Execution (RCE) vulnerability in jupyterlab extension template `update-integration-tests` GitHub Action

JupyterLab extension template is a copier template for JupyterLab extensions. Repositories created using this template with test option include update-integration-tests.yml workflow which has an RCE vulnerability. Extension authors hosting their code on GitHub are urged to upgrade the template to...

CVSS 9.9 · AI score 6.8 · EPSS 0.03919
Exploits 3 · References 4
CVE · added 2024/07/16 5:37 p.m. · 88 views

CVE-2024-39700

CVE-2024-39700 describes a remote code execution in the JupyterLab extension template copier, specifically in the update-integration-tests.yml workflow of the JupyterLab extension template used to bootstrap projects. The RCE is linked to repositories created with the template’s test option. Affec...

CVSS 9.9 · AI score 9.7 · EPSS 0.03919
Exploits 3 · References 2 · Affected Software 1
Positive Technologies · added 2024/07/16 12:00 a.m. · 4 views

PT-2024-28639

Name of the Vulnerable Software and Affected Versions: JupyterLab extension template versions prior to 4.3.0. Description: The JupyterLab extension template has a remote code execution (RCE) vulnerability in the update-integration-tests.yml workflow. This issue affects repositories created using the...

CVSS 9.9 · AI score 7.7 · EPSS 0.03919
Exploits 3 · References 16
OSSF Malicious Packages · added 2024/06/25 12:48 p.m. · 1 view

Malicious code in kibana-github-actions (npm)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits 0
Github Security Blog · added 2024/06/02 10:30 p.m. · 32 views

code injection vulnerability exists in the huggingface/text-generation-inference repository

A code injection vulnerability exists in the huggingface/text-generation-inference repository, specifically within the autodocs.yml workflow file. The vulnerability arises from the insecure handling of the github.headref user input, which is used to dynamically construct a command for installing ...

CVSS 4.4 · AI score 7.4 · EPSS 0.00369
Exploits 0 · References 4 · Affected Software 1
OSV · added 2024/06/02 10:30 p.m. · 22 views

GHSA-QQ99-P57R-G3V7 code injection vulnerability exists in the huggingface/text-generation-inference repository

A code injection vulnerability exists in the huggingface/text-generation-inference repository, specifically within the autodocs.yml workflow file. The vulnerability arises from the insecure handling of the github.headref user input, which is used to dynamically construct a command for installing ...

CVSS 4.4 · AI score 5.3 · EPSS 0.00369
Exploits 0 · References 4
NVD · added 2024/05/30 3:15 p.m. · 12 views

CVE-2024-3924

A code injection vulnerability exists in the huggingface/text-generation-inference repository, specifically within the autodocs.yml workflow file. The vulnerability arises from the insecure handling of the github.headref user input, which is used to dynamically construct a command for installing ...

CVSS 4.4 · AI score 5.4 · EPSS 0.00369
Exploits 0 · References 2
OSV · added 2024/05/30 3:15 p.m. · 12 views

CVE-2024-3924

A code injection vulnerability exists in the huggingface/text-generation-inference repository, specifically within the autodocs.yml workflow file. The vulnerability arises from the insecure handling of the github.headref user input, which is used to dynamically construct a command for installing ...

CVSS 4.4 · AI score 7.5
Exploits 0 · References 2
Vulnrichment · added 2024/05/30 2:59 p.m. · 27 views

CVE-2024-3924 Code Injection in huggingface/text-generation-inference

A code injection vulnerability exists in the huggingface/text-generation-inference repository, specifically within the autodocs.yml workflow file. The vulnerability arises from the insecure handling of the github.headref user input, which is used to dynamically construct a command for installing ...

CVSS 4.4 · AI score 7.8 · EPSS 0.00369
Exploits 0 · References 2
Cvelist · added 2024/05/30 2:59 p.m. · 18 views

CVE-2024-3924 Code Injection in huggingface/text-generation-inference

A code injection vulnerability exists in the huggingface/text-generation-inference repository, specifically within the autodocs.yml workflow file. The vulnerability arises from the insecure handling of the github.headref user input, which is used to dynamically construct a command for installing ...

CVSS 4.4 · AI score 5.3 · EPSS 0.00369
Exploits 0 · References 2
GithubExploit · added 2024/05/07 3:03 a.m. · 38 views

nuclei_poc

Nuclei POCs: Nuclei POCs, updated daily. Chinese: https://git...

AI score 5.8
Exploits 0
Hacker One · added 2024/04/19 4:38 p.m. · 36 views

Hyperledger: Code exec on Github runner via Pull request name

A command injection vulnerability was discovered in the GitHub Actions workflow of the Hyperledger Cacti repository. The vulnerability allowed an attacker to inject arbitrary commands and execute them on the GitHub runner by crafting a malicious pull request title. The vulnerability was present i...

AI score 7.9
Exploits 0
The Hacker News · added 2024/04/16 1:26 p.m. · 38 views

AWS, Google, and Azure CLI Tools Could Leak Credentials in Build Logs

New cybersecurity research has found that command-line interface (CLI) tools from Amazon Web Services (AWS) and Google Cloud can expose sensitive credentials in build logs, posing significant risks to organizations. The vulnerability has been codenamed LeakyCLI by cloud security firm Orca. "Some...

CVSS 8.6 · AI score 7.1 · EPSS 0.00396
Exploits 0
Github Security Blog · added 2024/03/15 8:12 p.m. · 10 views

CLI for Vela Insecure Variable Substitution

Impact: Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string manipulation — can bypass log masking and expose secrets without the use of the commands block...

AI score 7.3
Exploits 0 · References 3 · Affected Software 1
OSV · added 2024/03/15 8:12 p.m. · 11 views

GHSA-4JHJ-3GV3-C3GR CLI for Vela Insecure Variable Substitution

Impact: Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string manipulation — can bypass log masking and expose secrets without the use of the commands block...

CVSS 7.7 · AI score 7.3
Exploits 0 · References 3
Github Security Blog · added 2024/03/15 8:06 p.m. · 19 views

Server/API for Vela Insecure Variable Substitution

Impact: Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string manipulation — can bypass log masking and expose secrets without the use of the commands block...

AI score 7.3
Exploits 0 · References 3 · Affected Software 1
OSV · added 2024/03/15 8:06 p.m. · 9 views

GHSA-69P4-J5V5-X234 Server/API for Vela Insecure Variable Substitution

Impact: Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string manipulation — can bypass log masking and expose secrets without the use of the commands block...

CVSS 7.7 · AI score 7.3
Exploits 0 · References 3
Github Security Blog · added 2024/03/15 8:05 p.m. · 12 views

Types for Vela Insecure Variable Substitution

Impact: Vela pipelines can use variable substitution combined with insensitive fields like parameters, image and entrypoint to inject secrets into a plugin/image and — by using common substitution string manipulation — can bypass log masking and expose secrets without the use of the commands block...

AI score 7.3
Exploits 0 · References 3 · Affected Software 1