2 matches found
MGASA-2021-0147 Updated koji packages fix security vulnerability
Koji through 1.17.0 allows remote Directory Traversal, with resulting Privilege Escalation...
MGASA-2019-0144 Updated koji packages fix security vulnerability
Multiple xmlrpc call handlers in Koji’s hub code contain SQL injection bugs. By passing carefully constructed arguments to these calls, an unauthenticated user can issue arbitrary SQL commands to Koji’s database. This gives the attacker broad ability to manipulate or destroy data CVE-2018-1002161...