Lucene search
K

4 matches found

Cvelist
Cvelist
added 2024/04/04 2:57 p.m.15 views

CVE-2024-30250 In Astro-Shield, setting a correct `integrity` attribute to injected code allows to bypass the allow-lists

Astro-Shield is an integration to enhance website security with SubResource Integrity hashes, Content-Security-Policy headers, and other techniques. Versions from 1.2.0 to 1.3.1 of Astro-Shield allow bypass to the allow-lists for cross-origin resources by introducing valid integrity attributes to...

7.5CVSS7.8AI score0.0031EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2023/06/28 6:30 a.m.34 views

git-commit-info vulnerable to Command Injection

Versions of the package git-commit-info before 2.0.2 are vulnerable to Command Injection such that the package-exported method gitCommitInfo fails to sanitize its parameter commit, which later flows into a sensitive command execution API. As a result, attackers may inject arguments to the git...

9.8CVSS9.8AI score0.03638EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2023/06/28 6:30 a.m.19 views

GHSA-H42J-MRMP-9369 git-commit-info vulnerable to Command Injection

Versions of the package git-commit-info before 2.0.2 are vulnerable to Command Injection such that the package-exported method gitCommitInfo fails to sanitize its parameter commit, which later flows into a sensitive command execution API. As a result, attackers may inject arguments to the git...

9.8CVSS9.8AI score0.03638EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2023/06/28 5:0 a.m.17 views

CVE-2023-26134

Versions of the package git-commit-info before 2.0.2 are vulnerable to Command Injection such that the package-exported method gitCommitInfo fails to sanitize its parameter commit, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once...

9.8CVSS7.8AI score0.03638EPSS
Exploits1References3
Rows per page
Query Builder