29 matches found
EUVD-2021-2052
Malware in sbrugna...
Malicious code in isomorphic-random-example (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-9673 Malicious code in isomorphic-random-example (npm)
--- -= Per source details. Do not edit below this line.=-...
Important: Red Hat Security Advisory: RHV 4.4 SP1 [ovirt-4.5.3-3] security update
Updated RHV packages that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
isomorphic-git: Directory traversal via a crafted repository
A flaw was found in isomorphic-git. An attacker could cause a Directory Traversal via a crafted filepath in a repository being cloned...
RHEL 8 : RHV 4.4 SP1 [ovirt-4.5.3-3] (RHSA-2023:0074)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0074 advisory. The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to...
MAL-2022-3967 Malicious code in isomorphi-cetch (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1e1e43045eadbf99f5d51f8f96699e59c9865577b1351c4fab7b826366b109e3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-3966 Malicious code in isomorphceftch (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 89443e6b76432ccff6b8c99525082bc916344a2a69f27d8d5191c326023a27c9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview: @clover-microapp/utils-isomorphic is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable...
MAL-2022-3969 Malicious code in isomsorphic-react-dom (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware af5cb42b8400c90362f3b20685e648e98824dfcbfb667b1af00eba3754bdd507 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-3968 Malicious code in isomorphic-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 77d4d391965bb7a4c11a66a561e0658812b791204239bf258a2d48675c730c8f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in isomorphic-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 77d4d391965bb7a4c11a66a561e0658812b791204239bf258a2d48675c730c8f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @clover-microapp/utils-isomorphic (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 482eb0aee6eec7e82d910ad31d6b3b39e0f154377bc5ae979f98fa6b984fae01 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-V82V-RQ72-PHQ9 Server side request forgery in @isomorphic-git/cors-proxy
The package @isomorphic-git/cors-proxy before 2.7.1 is vulnerable to Server-side Request Forgery (SSRF) due to missing sanitization and validation of the redirection action in middleware.js...
Server side request forgery in @isomorphic-git/cors-proxy
The package @isomorphic-git/cors-proxy before 2.7.1 is vulnerable to Server-side Request Forgery (SSRF) due to missing sanitization and validation of the redirection action in middleware.js...
CVE-2021-23664
CVE-2021-23664 affects @isomorphic-git/cors-proxy before 2.7.1. The vulnerability is Server-side Request Forgery (SSRF) due to missing sanitization and validation of the redirection action in middleware.js. Exploitation details and public disclosures are present in connected advisories (GHSA/Snyk...
isomorphic-git code issue vulnerability
isomorphic-git is a pure JavaScript implementation of open source git for node and browser environments including WebWorkers and ServiceWorkers. A security vulnerability exists in isomorphic-git cors-proxy versions prior to 2.7.1, which stems from a lack of cleanup and validation of redirect...
Server-side Request Forgery (SSRF)
Overview: @isomorphic-git/cors-proxy is a Proxy clone and push requests for the browser. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to missing sanitization and validation of the redirection action in middleware.js. PoC GET...
Directory Traversal in isomorphic-git
isomorphic-git before 1.8.2 allows Directory Traversal via a crafted repository...
GHSA-FGXQ-P49F-QW99 Directory Traversal in isomorphic-git
isomorphic-git before 1.8.2 allows Directory Traversal via a crafted repository...