31 matches found
EUVD-2024-33348
Malicious code in bioql PyPI...
EUVD-2024-33117
Malicious code in bioql PyPI...
EUVD-2023-1427
Malicious code in bioql PyPI...
CVE-2024-10435
A vulnerability was found in didi Super-Jacoco 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /cov/triggerEnvCov. The manipulation of the argument uuid leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to t...
CVE-2023-28669
Jenkins JaCoCo Plugin 3.3.2 and earlier does not escape class and method names shown on the UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control input files for the 'Record JaCoCo coverage report' post-build action...
CVE-2024-10919
A vulnerability has been found in didi Super-Jacoco 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /cov/triggerUnitCover. The manipulation of the argument uuid leads to os command injection. The attack can be launched remotely. The exploit h...
CVE-2024-10919
A vulnerability has been found in didi Super-Jacoco 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /cov/triggerUnitCover. The manipulation of the argument uuid leads to os command injection. The attack can be launched remotely. The exploit h...
CVE-2024-10919
CVE-2024-10919 affects didi Super-Jacoco 1.0. The vulnerability lies in the /cov/triggerUnitCover function, where manipulating the uuid parameter leads to an OS command injection. The attack can be launched remotely, and the public exploit is available. Connected sources confirm the issue and des...
CVE-2024-10919 didi Super-Jacoco triggerUnitCover os command injection
A vulnerability has been found in didi Super-Jacoco 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /cov/triggerUnitCover. The manipulation of the argument uuid leads to os command injection. The attack can be launched remotely. The exploit h...
CVE-2024-10919 didi Super-Jacoco triggerUnitCover os command injection
A vulnerability has been found in didi Super-Jacoco 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /cov/triggerUnitCover. The manipulation of the argument uuid leads to os command injection. The attack can be launched remotely. The exploit h...
DiDi Super-Jacoco security vulnerability
DiDi Super-Jacoco is a one-stop Java code full/diff coverage collection platform from the Chinese company DiDi. A security vulnerability exists in DiDi Super-Jacoco version 1.0, which stems from an operating system command injection in the parameter uuid...
CVE-2024-10435
A vulnerability was found in didi Super-Jacoco 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /cov/triggerEnvCov. The manipulation of the argument uuid leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to t...
CVE-2024-10435 didi Super-Jacoco triggerEnvCov command injection
A vulnerability was found in didi Super-Jacoco 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /cov/triggerEnvCov. The manipulation of the argument uuid leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to t...
CVE-2024-10435 didi Super-Jacoco triggerEnvCov command injection
A vulnerability was found in didi Super-Jacoco 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /cov/triggerEnvCov. The manipulation of the argument uuid leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to t...
CVE-2024-10435
CVE-2024-10435 affects didi Super-Jacoco 1.0. The vulnerability resides in the /cov/triggerEnvCov code path, where manipulation of the uuid argument enables command injection. It is exploitable over the network and exploitation has been disclosed publicly. Multiple sources (NVD, CVE List, Red Hat...
DiDi Super-Jacoco command injection vulnerability
DiDi Super-Jacoco is a one-stop Java code full/diff coverage collection platform from the Chinese company DiDi. A command injection vulnerability exists in DiDi Super-Jacoco version 1.0, which stems from the parameter uuid in the file /cov/triggerEnvCov that can lead to command injection...
MAL-2024-9239 Malicious code in jacoco-report (npm)
Source: ghsa-malware b69d2d6c05db4695b8af9c114b5851c1c95e7e59f07fa671941231429709fb2b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
com.alipay.sofa:sofa-boot-jacoco-report (>=3.18.0 <=3.25.0) potentially affected by CVE-2024-23636 via com.alipay.sofa:rpc-sofa-boot-starter (>=3.18.0 <=3.25.0)
com.alipay.sofa:rpc-sofa-boot-starter MAVEN version =3.18.0, =3.18.0, =3.25.0 Source cves: CVE-2024-23636 Source advisory: OSV:GHSA-7Q8P-9953-PXVR...
Jenkins JaCoCo Plugin vulnerable to Stored Cross-site Scripting
Jenkins JaCoCo Plugin 3.3.2 and earlier does not escape class and method names shown on the UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control input files for the 'Record JaCoCo coverage report' post-build action. Version 3.3.2.1 escapes clas...
com.groupon.jenkins-ci.plugins:DotCi-Plugins-Starter-Pack (>=1.7.2 <=1.8.2), com.groupon.jenkins.plugins:DotCi-Plugins-Starter-Pack (>=1.0.0 <=1.7.1) +1 more potentially affected by CVE-2023-28669 via org.jenkins-ci.plugins:jacoco (>=1.0.14 <=1.0.9)
org.jenkins-ci.plugins:jacoco MAVEN version =1.0.14, =1.7.2, =1.0.0, =1.7, =1.12.3 Source cves: CVE-2023-28669 Source advisory: OSV:GHSA-XJ29-GFWW-J67G...