CVE-2025-53104
gluestack-ui is a library of copy-pasteable components & patterns crafted with Tailwind CSS (NativeWind). Prior to commit e6b4271, a command injection vulnerability was discovered in the discussion-to-slack.yml GitHub Actions workflow. Untrusted discussion fields (title, body, etc.) were directly...
CVE-2025-53104 gluestack-ui Command Injection Vulnerability via discussion-to-slack GitHub Action Workflow
gluestack-ui is a library of copy-pasteable components & patterns crafted with Tailwind CSS (NativeWind). Prior to commit e6b4271, a command injection vulnerability was discovered in the discussion-to-slack.yml GitHub Actions workflow. Untrusted discussion fields (title, body, etc.) were directly...
CVE-2025-53104
CVE-2025-53104 concerns the gluestack-ui project, where a command injection flaw existed in the discussion-to-slack.yml GitHub Actions workflow. The root cause was untrusted Discussion fields (title/body, etc.) being interpolated directly into shell commands in a run: block, allowing an attacker ...
gluestack-ui Command Injection Vulnerability
gluestack-ui is an open source project by gluestack. A command injection vulnerability exists in gluestack-ui versions prior to e6b4271, which stems from a command injection in the discussion-to-slack.yml workflow...
@admin-layout/gluestack-ui-mobile (>=6.5.1-alpha.0 <=12.2.4-alpha.49), @custom-lib/design-system (>=0.1.0 <=0.1.8) +88 more potentially affected by unknown CVE via @gluestack-ui/utils (>=0.0.0-pr-3103-accb2128b-1754977278 <=0.1.15)
@gluestack-ui/utils NPM version =0.0.0-pr-3103-accb2128b-1754977278, =6.5.1-alpha.0, =0.1.0, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =0.1.5, =0.1.33, =0.1.0, =0.0.0-pr-3103-5a957bdfe-1754978268, =0.0.1-alpha.1, =0.5.36, =0.1.5, =0.1.28 and more Source cves: unknown CVE Source advisory: OSV:MAL-2025-4776...
Malicious code in @gluestack-ui/utils (npm)
Source: google-open-source-security 17982e09dcf1a69caf714afad49b310371d80fe7260bf21fcad08da2a07df00c React Native ARIA and @gluestack-ui/utils had unauthorized new versions published that contained malicious code via a public access token...