8 matches found
Malicious code in glovo-data-platform-declarative-airflow (PyPI)
Malicious code in glovo-data-platform-importer-brain (PyPI)
MAL-2024-5182 Malicious code in glovo-data-platform-declarative-airflow (PyPI)
Malicious code in glovo-data-platform-declarative (PyPI)
MAL-2024-5181 Malicious code in glovo-data-platform-declarative (PyPI)
Glovo: Exposed valid AWS, MySQL, Sendgrid and other secrets
Summary: Hi team, I just discovered some hardcoded credentials allowing access to AWS, MySQL database, ... To make this report short, here is the POC: see ███ & █████ Steps To Reproduce: where there are the info: APPNAME=Glovo APPENV=local APPKEY=█████ APPDEBUG=false APPURL=http://localhost...
Glovo: Reflected XSS on delivery.glovoapp.com
Summary: Hi, there's a reflected XSS vulnerability present on the https://delivery.glovoapp.com/referrals/ endpoint. Steps To Reproduce: Opening the following URL should trigger the prompt window specified in the request parameters, indicating that arbitrary JavaScript can be injected into the...
Glovo: Server Side Template Injection on Name parameter during Sign Up process
Summary: Server-side template injection is when an attacker is able to use native template syntax to inject a malicious payload into a template, which is then executed server-side. In this scenario, when an attacker signs up on the platform and uses a payload in the First Name field, the payload ...