Github Security Blog
added 2023/07/06 9:05 p.m., 29 views

SQLFluff users with access to config file, using `library_path` may call arbitrary python code

Impact: In environments where untrusted users have access to the config files e.g. .sqlfluff, there is a potential security vulnerability where those users could use the `library_path` config value to allow arbitrary python code to be executed via macros. Jinja macros are executed within a sandboxed...

CVSS 7.8, AI score 6.8, EPSS 0.00155
Exploits 1, References 6, Affected Software 1
NVD
added 2023/07/06 4:15 p.m., 13 views

CVE-2023-36830

SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the `library_path` config value to allow arbitrary python code to be executed via macros. For many users wh...

CVSS 7.8, AI score 7.1, EPSS 0.00155
Exploits 1, References 2
Vulnrichment
added 2023/07/06 3:03 p.m., 10 views

CVE-2023-36830 SQLFluff vulnerability for users with access to config file, using `library_path` to call arbitrary python code.

SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the `library_path` config value to allow arbitrary python code to be executed via macros. For many users wh...

CVSS 6.3, AI score 7.5, EPSS 0.00155
Exploits 1, References 2
CVE
added 2023/07/06 3:03 p.m., 36 views

CVE-2023-36830

CVE-2023-36830 affects SQLFluff prior to v2.1.2 where an attacker with access to config files could abuse the library_path setting to execute arbitrary Python code via Jinja/macros. The issue arises when untrusted users can view or modify config and leverage library_path to reach Python execution...

CVSS 7.8, AI score 7, EPSS 0.00155
Exploits 1, References 2, Affected Software 1
Cvelist
added 2023/07/06 3:03 p.m., 16 views

CVE-2023-36830 SQLFluff vulnerability for users with access to config file, using `library_path` to call arbitrary python code.

SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the `library_path` config value to allow arbitrary python code to be executed via macros. For many users wh...

CVSS 6.3, AI score 8, EPSS 0.00155
Exploits 1, References 2
seebug.org
added 2014/07/01 12:00 a.m., 12 views

Pie Web M{a,e}sher 0.5.3 - Multiple Remote File Inclusion Vulnerability

No description provided by source. Pie Web M{a,e}sher 0.5.3 Multiple Remote File Inclusion Vulnerability. Software: Pie Web M{a,e}sher version 0.5.3. Vendor: http://pie.ekkaia.org/ Download:...

AI score 7.1
Exploits 0
OSV
added 2005/06/22 4:00 a.m., 2 views

DEBIAN-CVE-2005-1524

PHP file inclusion vulnerability in top_graph_header.php in Cacti 0.8.6d and possibly earlier versions allows remote attackers to execute arbitrary PHP code via the config[library_path] parameter...

CVSS 5, AI score 7.9, EPSS 0.12071
Exploits 0, References 1