4 matches found
Malicious code in creative_design_client (npm)
Source: ghsa-malware 15b9d3a4ef8f0a22d5ff21957427271795b4aa88024b5746a06181ae5918235a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-21623 Arbitrary Expression Injection in GitHub workflow leads to Command execution & leaking secrets
OTClient is an alternative Tibia client for otserv. Prior to commit db560de0b56476c87a2f967466407939196dd254, the /mehah/otclient "Analysis - SonarCloud" workflow is vulnerable to an expression injection in Actions, allowing an attacker to run commands remotely on the runner, leak secrets, and...
CVE-2024-21623 Arbitrary Expression Injection in GitHub workflow leads to Command execution & leaking secrets
OTClient is an alternative Tibia client for otserv. Prior to commit db560de0b56476c87a2f967466407939196dd254, the /mehah/otclient "Analysis - SonarCloud" workflow is vulnerable to an expression injection in Actions, allowing an attacker to run commands remotely on the runner, leak secrets, and...
RUSTSEC-2020-0021 rio allows a use-after-free buffer access when a future is leaked
When a rio::Completion is leaked, its drop code will not run. The drop code is responsible for waiting until the kernel completes the I/O operation into, or out of, the buffer borrowed by rio::Completion. Leaking the struct will allow one to access and/or drop the buffer, which can lead to a...