79 matches found

Github Security Blog
added 2020/08/07 10:27 p.m. | 60 views

Unintended read access in kramdown gem

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as template="/etc/passwd" or unintended embedded Ruby code execution such as a string that begins with template="string://<%= . NOTE: kramdown is used...

CVSS 9.8 | AI score 2.6 | EPSS 0.07509
Exploits: 0 | References: 15 | Affected software: 1
Tenable Nessus
added 2020/07/30 12:00 a.m. | 69 views

SUSE SLES12 Security Update : webkit2gtk3 (SUSE-SU-2020:2069-1)

This update for webkit2gtk3 fixes the following issues : Update to version 2.28.3 bsc1173998 : + Enable kinetic scrolling with async scrolling. + Fix web process hangs on large GitHub pages. + Bubblewrap sandbox should not attempt to bind empty paths. + Fix threading issues in the media player. +...

CVSS 10 | AI score 6.8 | EPSS 0.82826
Exploits: 5 | References: 18
OPENSUSE Linux
added 2020/07/26 12:00 a.m. | 69 views

Security update for webkit2gtk3 (important)

openSUSE Security Update: Security update for webkit2gtk3 Announcement ID: openSUSE-SU-2020:1064-1 Rating: important References: 1173998 Cross-References: CVE-2020-13753 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9806 CVE-2020-9807 CVE-2020-9843 CVE-2020-9850 Affected Products: openSUSE...

CVSS 10 | AI score 8.4 | EPSS 0.82826
Exploits: 5 | References: 1
Tenable Nessus
added 2020/07/22 12:00 a.m. | 59 views

SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2020:1990-1)

This update for webkit2gtk3 fixes the following issues : Update to version 2.28.3 bsc1173998 : + Enable kinetic scrolling with async scrolling. + Fix web process hangs on large GitHub pages. + Bubblewrap sandbox should not attempt to bind empty paths. + Fix threading issues in the media player. +...

CVSS 10 | AI score 6.8 | EPSS 0.82826
Exploits: 5 | References: 18
OSV
added 2020/07/17 4:15 p.m. | 17 views

CVE-2020-14001

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as template="/etc/passwd" or unintended embedded Ruby code execution such as a string that begins with template="string://<%= . NOTE: kramdown is used...

CVSS 9.8 | AI score 7
Exploits: 0 | References: 13
NVD
added 2020/07/17 4:15 p.m. | 16 views

CVE-2020-14001

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as template="/etc/passwd" or unintended embedded Ruby code execution such as a string that begins with template="string://<%= . NOTE: kramdown is used...

CVSS 9.8 | EPSS 0.07509
Exploits: 0 | References: 13
OSV
added 2020/07/17 4:15 p.m. | 1 view

DEBIAN-CVE-2020-14001

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as template="/etc/passwd" or unintended embedded Ruby code execution such as a string that begins with template="string://<%= . NOTE: kramdown is used...

CVSS 9.8 | AI score 9 | EPSS 0.07509
Exploits: 0 | References: 1
UbuntuCve
added 2020/07/17 4:15 p.m. | 22 views

CVE-2020-14001

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as template="/etc/passwd" or unintended embedded Ruby code execution such as a string that begins with template="string://<%= . NOTE: kramdown is used...

CVSS 9.8 | AI score 7.6 | EPSS 0.07509
Exploits: 0 | References: 9
OSV
added 2020/07/17 4:15 p.m. | 1 view

UBUNTU-CVE-2020-14001

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as template="/etc/passwd" or unintended embedded Ruby code execution such as a string that begins with template="string://<%= . NOTE: kramdown is used...

CVSS 9.8 | AI score 7.7 | EPSS 0.07509
Exploits: 0 | References: 10
AlpineLinux
added 2020/07/17 3:27 p.m. | 48 views

CVE-2020-14001

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as template="/etc/passwd" or unintended embedded Ruby code execution such as a string that begins with template="string://<%= . NOTE: kramdown is used...

CVSS 9.8 | AI score 9.6 | EPSS 0.07509
Exploits: 0
Cvelist
added 2020/07/17 3:27 p.m. | 11 views

CVE-2020-14001

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as template="/etc/passwd" or unintended embedded Ruby code execution such as a string that begins with template="string://<%= . NOTE: kramdown is used...

AI score 9.4 | EPSS 0.07509
Exploits: 0 | References: 13
CVE
added 2020/07/17 3:27 p.m. | 155 views

CVE-2020-14001

The vulnerability CVE-2020-14001 affects the kramdown Ruby gem prior to 2.3.0, where the template option is processed by default in Kramdown documents. This can allow unintended read access (e.g., template="/etc/passwd") or unintended embedded Ruby code execution (e.g., template="string://<%= ...

CVSS 9.8 | AI score 9.3 | EPSS 0.07509
Exploits: 0 | References: 13 | Affected software: 1
Debian CVE
added 2020/07/17 3:27 p.m. | 24 views

CVE-2020-14001

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as template="/etc/passwd" or unintended embedded Ruby code execution such as a string that begins with template="string://<%= . NOTE: kramdown is used...

CVSS 9.8 | AI score 9.6 | EPSS 0.07509
Exploits: 0
RubySec
added 2020/06/28 12:00 a.m. | 18 views

Unintended read access in kramdown gem

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as template="/etc/passwd" or unintended embedded Ruby code execution such as a string that begins with template="string://<%= . NOTE: kramdown is used...

CVSS 9.8 | AI score 2.6 | EPSS 0.07509
Exploits: 0 | References: 1 | Affected software: 1
Hacker One
added 2020/03/09 2:16 a.m. | 54 views

Mail.ru: [staging.tarantool.org] Github Pages Subdomain-take-over

Unused staging.tarantool.org subdomain was delegated to github pages and was not claimed...

AI score 1.5
Exploits: 0
Hacker One
added 2018/07/18 9:14 a.m. | 75 views

Augur: Subdomain takeover on slack.augur.net pointing to GitHub Pages

Summary The slack.augur.net record wasn't removed from the DNS after the migration to Discord invite.augur.net and was pointing to a non-existent page on GitHub Pages. So a subdomain takeover was possible and a proof-of-concept has been done to confirm this. Description Searching for subdomains o...

AI score 0.1
Exploits: 0
CNVD
added 2018/06/04 12:00 a.m. | 2 views

gh-pages design flaws

gh-pages is a tool that enables you to deploy projects to Github pages using Grunt. A security vulnerability exists in gh-pages versions prior to 0.9.1. An attacker can exploit the vulnerability to write unencrypted github credentials to a log file...

CVSS 8.6 | AI score 6.8 | EPSS 0.003
Exploits: 0 | References: 1
Hacker One
added 2018/03/04 12:44 a.m. | 36 views

X (Formerly Twitter): Takeover of Twitter-owned domain at mobileapplinking.com

NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! Summary: Not sure there is much of a...

AI score 6.6
Exploits: 0
Jake Archibald's Blog
added 2016/08/04 8:57 a.m. | 8 views

Service worker meeting notes

On July 28th-29th we met up in the Mozilla offices in Toronto to discuss the core service worker spec. I'll try and cover the headlines here. Before I get stuck in to the meaty bits of the meeting, our intent here is to do what's best for developers and the future of the web, so if you disagree...

AI score 6.4
Exploits: 0