Lucene search
+L

5 matches found

susecve
susecve
added 2026/02/07 12:23 a.m.5 views

SUSE CVE-2026-25145

melange allows users to build apk packages using declarative pipelines. From version 0.14.0 to before 0.40.3, an attacker who can influence a melange configuration file e.g., through pull request-driven CI or build-as-a-service scenarios could read arbitrary files from the host system. The...

5.5CVSS5.5AI score0.00168EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/02/04 7:32 p.m.5 views

CVE-2026-25145

melange allows users to build apk packages using declarative pipelines. From version 0.14.0 to before 0.40.3, an attacker who can influence a melange configuration file e.g., through pull request-driven CI or build-as-a-service scenarios could read arbitrary files from the host system. The...

5.5CVSS5.5AI score0.00168EPSS
Exploits0References3Affected Software1
vulnrichment
vulnrichment
added 2026/02/04 7:32 p.m.4 views

CVE-2026-25145 melange has a path traversal in license-path which allows reading files outside workspace

melange allows users to build apk packages using declarative pipelines. From version 0.14.0 to before 0.40.3, an attacker who can influence a melange configuration file e.g., through pull request-driven CI or build-as-a-service scenarios could read arbitrary files from the host system. The...

5.5CVSS5.5AI score0.00168EPSS
Exploits0References2
github
github
added 2026/02/04 12:9 a.m.13 views

melange has a path traversal in license-path which allows reading files outside workspace

An attacker who can influence a melange configuration file e.g., through pull request-driven CI or build-as-a-service scenarios could read arbitrary files from the host system. The LicensingInfos function in pkg/config/config.go reads license files specified in copyright.license-path without...

5.5CVSS5.5AI score0.00168EPSS
Exploits0References4Affected Software1
ptsecurity
ptsecurity
added 2026/02/04 12:0 a.m.4 views

PT-2026-6349

An attacker who can influence a melange configuration file e.g., through pull request-driven CI or build-as-a-service scenarios could read arbitrary files from the host system. The LicensingInfos function in pkg/config/config.go reads license files specified in copyright.license-path without...

5.5CVSS5.7AI score0.00168EPSS
Exploits0References5
Rows per page
Query Builder