8 matches found
Turbo security vulnerabilities
Turbo is a code development tool open source by Hotwire. Versions of Turbo prior to 8.0.x contained security vulnerabilities. These vulnerabilities stemmed from race conditions in the turbo-frame element handler, which could lead to failed logouts and the reapplication of session cookies after a...
EUVD-2024-0965
Malicious code in bioql PyPI...
Malicious code in @hotwire/react-utilities (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in @hotwire/react-me (npm)
--- -= Per source details. Do not edit below this line.=-...
CVE-2024-28181
turboboost-commands is a set of commands to help you build robust reactive applications with Rails & Hotwire. TurboBoost Commands has existing protections in place to guarantee that only public methods on Command classes can be invoked; however, the existing checks aren't as robust as they should...
CVE-2024-28181 Arbitrary method invocation turbo_boost-commands
turboboost-commands is a set of commands to help you build robust reactive applications with Rails & Hotwire. TurboBoost Commands has existing protections in place to guarantee that only public methods on Command classes can be invoked; however, the existing checks aren't as robust as they should...
CVE-2024-28181
CVE-2024-28181 affects the TurboBoost Commands library. The issue is an insufficiently robust permission check that can allow an attacker to invoke more public methods on Command classes than intended, risking arbitrary code execution within affected applications. Concrete details in connected so...
CVE-2024-28181 Arbitrary method invocation turbo_boost-commands
turboboost-commands is a set of commands to help you build robust reactive applications with Rails & Hotwire. TurboBoost Commands has existing protections in place to guarantee that only public methods on Command classes can be invoked; however, the existing checks aren't as robust as they should...