2 matches found
PT-2026-6349
An attacker who can influence a melange configuration file e.g., through pull request-driven CI or build-as-a-service scenarios could read arbitrary files from the host system. The LicensingInfos function in pkg/config/config.go reads license files specified in copyright.license-path without...
CVE-2024-35183 wolfictl leaks GitHub tokens to remote non-GitHub git servers
wolfictl is a command line tool for working with Wolfi. A git authentication issue in versions prior to 0.16.10 allows a local user’s GitHub token to be sent to remote servers other than github.com. Most git-dependent functionality in wolfictl relies on its own git package, which contains...