52 matches found
EUVD-2021-21850
Malware in sbrugna...
EUVD-2025-26213
Malicious code in bioql PyPI...
EUVD-2024-2303
Malicious code in bioql PyPI...
EUVD-2023-1809
Malicious code in bioql PyPI...
EUVD-2023-12942
Malicious code in bioql PyPI...
CVE-2025-55750 Gitpod Classic Affected by Bitbucket OAuth Token Exposure via Redirect Fragment
Gitpod is a developer platform for cloud development environments. In versions before main-gha.33628 for both Gitpod Classic and Gitpod Classic Enterprise, OAuth integration with Bitbucket in certain conditions allowed a crafted link to expose a valid Bitbucket access token via the URL fragment...
CVE-2025-55750
Gitpod Classic and Gitpod Classic Enterprise versions prior to main-gha.33628 were affected by an OAuth Bitbucket token exposure vulnerability. In certain conditions, a crafted Bitbucket OAuth redirect could cause a valid Bitbucket access token to be exposed in the URL fragment when an authentica...
gitpod security vulnerability
gitpod is a cloud-based integrated development environment open-sourced by gitpod. A security vulnerability exists in versions prior to gitpod main-gha.33628; it stems from mishandling of the Bitbucket OAuth integration and could lead to access token disclosure...
PT-2025-35245
Name of the Vulnerable Software and Affected Versions: Gitpod versions prior to main-gha.33628 Description: Gitpod, a developer platform for cloud development environments, experienced an issue where OAuth integration with Bitbucket, under specific conditions, could expose a valid Bitbucket acces...
CVE-2024-21583
Versions of the package github.com/gitpod-io/gitpod/components/server/go/pkg/lib before main-gha.27122; versions of the package github.com/gitpod-io/gitpod/components/ws-proxy/pkg/proxy before main-gha.27122; versions of the package github.com/gitpod-io/gitpod/install/installer/pkg/components/aut...
CVE-2023-0957
An issue was discovered in Gitpod versions prior to release-2022.11.2.16. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to the Gitpod JSONRPC server using a victim’s credentials, because the Origin header is not restricted. This...
CVE-2023-32766
Gitpod before 2022.11.3 allows XSS because redirection can occur for some protocols outside of the trusted set of three (vscode: vscode-insiders: jetbrains-gateway:)...
CVE-2021-35206
Gitpod before 0.6.0 allows unvalidated redirects...
Exploit for Allocation of Resources Without Limits or Throttling in Vmware Spring_Framework
Spring CVE-2022-22970 Proof of Concept This repo contains...
github.com/gitpod-io/gitpod vulnerable to Cookie Tossing
Versions of the package github.com/gitpod-io/gitpod/components/server/go/pkg/lib before main-gha.27122; versions of the package github.com/gitpod-io/gitpod/components/ws-proxy/pkg/proxy before main-gha.27122; versions of the package github.com/gitpod-io/gitpod/install/installer/pkg/components/aut...
GHSA-8PGC-65MJ-53H5 github.com/gitpod-io/gitpod vulnerable to Cookie Tossing
Versions of the package github.com/gitpod-io/gitpod/components/server/go/pkg/lib before main-gha.27122; versions of the package github.com/gitpod-io/gitpod/components/ws-proxy/pkg/proxy before main-gha.27122; versions of the package github.com/gitpod-io/gitpod/install/installer/pkg/components/aut...
CVE-2024-21583
CWE/CVE: CVE-2024-21583 affects Gitpod components and protocol (e.g., components/server/go/pkg/lib, components/ws-proxy/pkg/proxy, installer/auth/public-api-server/server, and @gitpod/gitpod-protocol; before main-gha.27122) with a Cookie Tossing flaw due to a missing __Host- prefix on the gitpod_...