10 matches found
EUVD-2024-35888
Malicious code in bioql PyPI...
EUVD-2023-41360
Malicious code in bioql PyPI...
PT-2025-29510 · Unknown · Metersphere
Name of the Vulnerable Software and Affected Versions: MeterSphere versions prior to 3.6.5-lts Description: MeterSphere, a continuous testing platform, contains a flaw due to improper validation or sanitization of the sortField parameter in specific API endpoints. This allows attackers to inject...
CVE-2023-30550
MeterSphere is an open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing, and performance testing. This IDOR vulnerability allows the administrator of a project to modify other projects under the workspace. An attacker can obtain some...
CVE-2023-29944
Metersphere v1.20.20-lts-79d354a6 is vulnerable to Remote Command Execution. The system command reverse-shell can be executed at the custom code snippet function of the metersphere system workbench...
CVE-2023-25814
metersphere is an open source continuous testing platform. In versions prior to 2.7.1 a user who has permission to create a resource file through UI operations is able to append a path to their submission query which will be read by the system and displayed to the user. This allows a users of the...
CVE-2022-23544
MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.0 are subject to a Server-Side Request Forgery that leads to Cross-Site Scripting. A Server-Side request forgery in...
MeterSphere 安全漏洞
MeterSphere is MeterSphere's open source one-stop open source continuous testing platform. A security vulnerability exists in versions prior to MeterSphere 2.10.15-lts that stems from allowing users without workspace privileges to view functional test cases in other workspaces that exceed their...
Metersphere 安全漏洞
MeterSphere is MeterSphere's open source one-stop open source continuous testing platform. A security vulnerability exists in Metersphere versions prior to 2.10.2 LTS, which stems from a lack of permission checking in certain critical APIs, allowing normal users to use the APIs of high-privileged...
CVE-2022-23512 Metersphere is vulnerable to Path Injection.
MeterSphere is a one-stop open source continuous testing platform. Versions prior to 2.4.1 are vulnerable to Path Injection in ApiTestCaseService::deleteBodyFiles which takes a user-controlled string id and passes it to ApiTestCaseService, which uses the user-provided value testId in new...