CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

34 matches found

OSV•added 2024/06/04 3:19 p.m.•32 views

GO-2024-2645 Nuclei allows unsigned code template execution through workflows in github.com/projectdiscovery/nuclei

Nuclei allows unsigned code template execution through workflows in github.com/projectdiscovery/nuclei...

7.4CVSS7.5AI score0.00411EPSS

Exploits0References7

NVD•added 2022/10/25 5:15 p.m.•10 views

CVE-2022-39326

kartverket/github-workflows are shared reusable workflows for GitHub Actions. Prior to version 2.7.5, all users of the run-terraform reusable workflow from the kartverket/github-workflows repo are affected by a code injection vulnerability. A malicious actor could potentially send a PR with a...

8.8CVSS0.01201EPSS

Exploits0References3

Prion•added 2022/10/25 5:15 p.m.•15 views

Code injection

6.5CVSS8.7AI score0.01201EPSS

Exploits0References3Affected Software1

CNNVD•added 2022/10/25 12:0 a.m.•5 views

github-workflows 代码注入漏洞

github-workflows is a shared reusable workflow for GitHub Actions for Kartverket individual developers. A security vulnerability exists in github-workflows versions prior to 2.7.5, which stems from being affected by code injection, where a malicious actor may send a PR with a malicious load, whic...

8.8CVSS8.2AI score0.01201EPSS

Exploits0References4

Cvelist•added 2022/10/25 12:0 a.m.•28 views

CVE-2022-39326 kartverket/github-workflows's run-terraform allows for RCE via terraform plan

8.8CVSS9AI score0.01201EPSS

Exploits0References3

OSV•added 2022/10/25 12:0 a.m.•23 views

CVE-2022-39326 kartverket/github-workflows's run-terraform allows for RCE via terraform plan

8.8CVSS8.6AI score0.01201EPSS

Exploits0References5

CVE•added 2022/10/25 12:0 a.m.•57 views

CVE-2022-39326

CVE-2022-39326 affects the kartverket/github-workflows repository's run-terraform reusable workflow. Before version 2.7.5, a malicious pull request could inject code that executes arbitrary JavaScript in the workflow context. Impact is described as code execution within the GitHub Actions workflo...

8.8CVSS8.8AI score0.01201EPSS

Exploits0References3Affected Software1

OSV•added 2022/10/19 6:54 p.m.•15 views

GHSA-F9QJ-7GH3-MHJ4 run-terraform allows for RCE via terraform plan

Impact What kind of vulnerability is it? Who is impacted? All users of the run-terraform reusable workflow from the kartverket/github-workflows repo are affected. A malicious actor could potentially send a PR with a malicious payload leading to execution of arbitrary JavaScript code in the contex...

8.8CVSS8.5AI score0.01201EPSS

Exploits0References5

Github Security Blog•added 2022/10/19 6:54 p.m.•18 views

run-terraform allows for RCE via terraform plan

8.8CVSS8.4AI score0.01201EPSS

Exploits0References5Affected Software1

Positive Technologies•added 2022/10/19 12:0 a.m.•3 views

PT-2022-24901 · Github · Kartverket/Github-Workflows

Name of the Vulnerable Software and Affected Versions: kartverket/github-workflows versions prior to 2.7.5 Description: The issue is a code injection vulnerability that affects all users of the run-terraform reusable workflow from the kartverket/github-workflows repo. A malicious actor could...

8.8CVSS8.4AI score0.01201EPSS

Exploits0References8

NVD•added 2021/04/06 7:15 p.m.•12 views

CVE-2021-21423

projen is a project generation tool that synthesizes project configuration files such as package.json, tsconfig.json, .gitignore, GitHub Workflows, eslint, jest, and more, from a well-typed definition written in JavaScript. Users of projen's NodeProject project type including any project type...

8.1CVSS0.01381EPSS

Exploits0References3