
11 matches found

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2022-1933

Malicious code in bioql PyPI...

CVSS 8.1 | AI score 7.8 | EPSS 0.00189
Exploits: 1 | References: 5
RedhatCVE
added 2025/02/05 5:21 p.m. | 4 views

CVE-2019-11405

OpenAPI Tools OpenAPI Generator before 4.0.0-20190419.052012-560 uses http:// URLs in various build.gradle, build.gradle.mustache, and build.sbt files, which may have caused insecurely resolved dependencies...

CVSS 8.1 | AI score 6.8 | EPSS 0.00189
Exploits: 1 | References: 1
The Hacker News
added 2023/07/05 9:0 a.m. | 45 views

Node.js Users Beware: Manifest Confusion Attack Opens Door to Malware

The npm registry for the Node.js JavaScript runtime environment is susceptible to what's called a manifest confusion attack that could potentially allow threat actors to conceal malware in project dependencies or perform arbitrary script execution during installation. "A npm package's manifest is...

CVSS 9.8 | AI score 6.8 | EPSS 0.9212
Exploits: 9
OSV
added 2022/05/24 4:44 p.m. | 19 views

GHSA-27J5-2H6R-C9Q2 OpenAPI Tools OpenAPI Generator uses HTTP in various files

OpenAPI Tools OpenAPI Generator before 4.0.0-20190419.052012-560 uses http:// URLs in various build.gradle, build.gradle.mustache, and build.sbt files, which may have caused insecurely resolved dependencies...

CVSS 7.4 | AI score 7.7 | EPSS 0.00189
Exploits: 1 | References: 5
Ubuntu
added 2021/03/15 10:44 p.m. | 56 views

USN-4858-1: Gradle vulnerabilities

It was discovered that Gradle used an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins were used. A remote unauthenticated attacker could possibly use this issue to perform a machine-in-the-middle attack. CVE-2019-11065 It was discovered that...

CVSS 5.9 | AI score 6.7 | EPSS 0.00349
Exploits: 1
UbuntuCve
added 2019/09/05 8:15 p.m. | 15 views

CVE-2019-10753

In all versions prior to version 3.9.6 for eclipse-wtp, all versions prior to version 9.4.4 for eclipse-cdt, and all versions prior to version 3.0.1 for eclipse-groovy, Spotless was resolving dependencies over an insecure channel http. If the build occurred over an insecure connection, a maliciou...

CVSS 5.9 | AI score 6.3 | EPSS 0.00259
Exploits: 0 | References: 2
NVD
added 2019/04/22 11:29 a.m. | 8 views

CVE-2019-11405

OpenAPI Tools OpenAPI Generator before 4.0.0-20190419.052012-560 uses http:// URLs in various build.gradle, build.gradle.mustache, and build.sbt files, which may have caused insecurely resolved dependencies...

CVSS 8.1 | AI score 8.1 | EPSS 0.00189
Exploits: 1 | References: 3
OSV
added 2019/04/22 11:29 a.m. | 2 views

CVE-2019-11405

OpenAPI Tools OpenAPI Generator before 4.0.0-20190419.052012-560 uses http:// URLs in various build.gradle, build.gradle.mustache, and build.sbt files, which may have caused insecurely resolved dependencies...

CVSS 7.4 | AI score 7.2
Exploits: 0 | References: 3
Prion
added 2019/04/22 11:29 a.m. | 12 views

Design/Logic Flaw

OpenAPI Tools OpenAPI Generator before 4.0.0-20190419.052012-560 uses http:// URLs in various build.gradle, build.gradle.mustache, and build.sbt files, which may have caused insecurely resolved dependencies...

CVSS 5.8 | AI score 7.4 | EPSS 0.00189
Exploits: 1 | References: 3 | Affected Software: 1
Cvelist
added 2019/04/21 4:7 p.m. | 12 views

CVE-2019-11405

OpenAPI Tools OpenAPI Generator before 4.0.0-20190419.052012-560 uses http:// URLs in various build.gradle, build.gradle.mustache, and build.sbt files, which may have caused insecurely resolved dependencies...

CVSS 8.1 | AI score 8.1 | EPSS 0.00189
Exploits: 1 | References: 3
Hacker One
added 2019/03/05 3:5 a.m. | 19 views

X (Formerly Twitter): [Twitter Open Source] Releases were & are built/executed/tested/released in the context of insecure/untrusted code

Summary: CWE-829: Inclusion of Functionality from Untrusted Control Sphere CWE-494: Download of Code Without Integrity Check Twitter maintains several Open Source Projects under the Twitter GitHub organization. These projects contain build files that indicate that some of these projects are...

AI score 7.3
Exploits: 0