Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.13 views

CVE-2026-29051

melange allows users to build apk packages using declarative pipelines. Starting in version 0.32.0 and prior to version 0.43.4, melange lint --persist-lint-results opt-in flag, also usable via melange build --persist-lint-results constructs output file paths by joining --out-dir with the arch and...

4.4CVSS5.7AI score0.00172EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/24 2:40 a.m.7 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the --persist-lint-results process. An attacker can overwrite arbitrary JSON files on the filesystem by supplying a crafted APK with manipulated .PKGINFO fields containing path traversal sequences. This is only...

4.8CVSS6.3AI score0.00172EPSS
Exploits0References2
NVD
NVD
added 2026/04/24 12:16 a.m.14 views

CVE-2026-29051

melange allows users to build apk packages using declarative pipelines. Starting in version 0.32.0 and prior to version 0.43.4, melange lint --persist-lint-results opt-in flag, also usable via melange build --persist-lint-results constructs output file paths by joining --out-dir with the arch and...

4.4CVSS0.00172EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/24 12:0 a.m.35 views

CVE-2026-29051 melange has Path Traversal via .PKGINFO in --persist-lint-results

melange allows users to build apk packages using declarative pipelines. Starting in version 0.32.0 and prior to version 0.43.4, melange lint --persist-lint-results opt-in flag, also usable via melange build --persist-lint-results constructs output file paths by joining --out-dir with the arch and...

4.4CVSS0.00172EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/24 12:0 a.m.7 views

CVE-2026-29051 melange has Path Traversal via .PKGINFO in --persist-lint-results

melange allows users to build apk packages using declarative pipelines. Starting in version 0.32.0 and prior to version 0.43.4, melange lint --persist-lint-results opt-in flag, also usable via melange build --persist-lint-results constructs output file paths by joining --out-dir with the arch and...

4.4CVSS5.7AI score0.00172EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/24 12:0 a.m.7 views

EUVD-2026-25356

melange allows users to build apk packages using declarative pipelines. Starting in version 0.32.0 and prior to version 0.43.4, melange lint --persist-lint-results opt-in flag, also usable via melange build --persist-lint-results constructs output file paths by joining --out-dir with the arch and...

4.4CVSS5.7AI score0.00172EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/24 12:0 a.m.7 views

CVE-2026-29051

melange allows users to build apk packages using declarative pipelines. Starting in version 0.32.0 and prior to version 0.43.4, melange lint --persist-lint-results opt-in flag, also usable via melange build --persist-lint-results constructs output file paths by joining --out-dir with the arch and...

4.4CVSS5.9AI score0.00172EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/04/24 12:0 a.m.14 views

CVE-2026-29051

This CVE affects melange, where the lint/build workflow (enabled by --persist-lint-results) constructs output paths by joining --out-dir with arch and pkgname read from the APK’s .PKGINFO. Versions 0.32.0 through 0.43.3 are vulnerable; 0.43.4 fixes the issue by validating arch/pkgname against ..,...

4.4CVSS5.9AI score0.00172EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/23 9:54 p.m.14 views

melange has Path Traversal via .PKGINFO in --persist-lint-results

Impact melange lint --persist-lint-results opt-in flag, also usable via melange build --persist-lint-results constructs output file paths by joining --out-dir with the arch and pkgname values read from the .PKGINFO control file of the APK being linted. In affected versions these values were not...

4.4CVSS5.9AI score0.00172EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/23 9:54 p.m.8 views

GHSA-Q2PW-XX38-P64J melange has Path Traversal via .PKGINFO in --persist-lint-results

Impact melange lint --persist-lint-results opt-in flag, also usable via melange build --persist-lint-results constructs output file paths by joining --out-dir with the arch and pkgname values read from the .PKGINFO control file of the APK being linted. In affected versions these values were not...

3.3CVSS5.9AI score0.00172EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.4 views

PT-2026-34804

Name of the Vulnerable Software and Affected Versions melange versions 0.32.0 through 0.43.3 Description When using the opt-in flag '--persist-lint-results' via 'melange lint' or 'melange build', the software constructs output file paths by joining the '--out-dir' parameter with arch and pkgname...

4.4CVSS5.5AI score0.00172EPSS
Exploits0References10
Rows per page
Query Builder