6 matches found
GHSA-CQ8V-F236-94QC vulnerabilities
Vulnerabilities for packages: yara-x, atuin, zellij, xh, nushell, netavark, wasmcloud, mdbook, yazi, linkerd2, py3-xet-core, buck2, ruff, deno, efs-utils, samply, vector, linkerd-network-validator, rustup, pixi, kdash, zed, cargo-c, wizer, cargo-audit, ntpd-rs, uutils, rav1e, sccache, just, pgcat...
GHSA-CQ8V-F236-94QC vulnerabilities
Vulnerabilities for packages: kdash, mountpoint-s3, linkerd2-proxy, pgcat, worktrunk, wasmcloud, hurl, mise, yara-x, bootc, linkerd-network-validator, netavark, sdp-k8s-injector, wasmtime, ruff, zola, shadowsocks-rust, valkey-ldap, yazi, zizmor, komodo, fnm, sentry-cli, cargo-audit, buck2, just,...
EUVD-2025-18116
Malicious code in bioql PyPI...
Regex literal in Hurl files are not escaped when exported to HTML, allowing injections
Given this Hurl file: regex.hurl: GET https://foo.com HTTP 200 Asserts jsonpath "$.body" matches // When exported to HTML: $ hurlfmt --out html regex.hurl GET https://foo.com HTTP 200 Asserts jsonpath "$.body" matches // The regex literal // is not escaped: // When opened in a browser, the code i...
GHSA-V33J-V3X4-42QG Regex literal in Hurl files are not escaped when exported to HTML, allowing injections
Given this Hurl file: regex.hurl: GET https://foo.com HTTP 200 Asserts jsonpath "$.body" matches // When exported to HTML: $ hurlfmt --out html regex.hurl GET https://foo.com HTTP 200 Asserts jsonpath "$.body" matches // The regex literal // is not escaped: // When opened in a browser, the code i...
PT-2025-26514 · Crates.Io · Hurl
Given this Hurl file: regex.hurl: GET https://foo.com HTTP 200 Asserts jsonpath "$.body" matches // When exported to HTML: $ hurlfmt --out html regex.hurl GET https://foo.com HTTP 200 Asserts jsonpath "$.body" matches // The regex literal // is not escaped: // When opened in a browser, the code i...