CVE-2022-31830
Kity Minder v1.3.5 was discovered to contain a Server-Side Request Forgery (SSRF) via the init function at ImageCapture.class.php...
Minder does not sandbox http.send in Rego programs
Impact: Minder users may fetch content in the context of the Minder server, which may include URLs the user would not normally have access to (for example, if the Minder server is behind a firewall or other network partition). Patches...
CVE-2024-37904 Denial of service from maliciously configured Git repository in Minder
Minder is an open source Software Supply Chain Security Platform. Minder's Git provider is vulnerable to a denial of service from a maliciously configured GitHub repository. The Git provider clones users' repositories using the github.com/go-git/go-git/v5 library on lines L55-L89. The Git provider...
GO-2024-2885 Denial of service of Minder Server from maliciously crafted GitHub attestations in github.com/stacklok/minder
Denial of service of Minder Server from maliciously crafted GitHub attestations in github.com/stacklok/minder...
GHSA-8FMJ-33GW-G7PW Denial of service of Minder Server from maliciously crafted GitHub attestations
Minder is vulnerable to a denial-of-service (DoS) attack which could allow an attacker to crash the Minder server and deny other users access to it. The root cause of the vulnerability is that Minder's sigstore verifier reads an untrusted response entirely into memory without enforcing a limit on th...
CVE-2024-35238 Denial of service of Minder Server from maliciously crafted GitHub attestations
Minder by Stacklok is an open source software supply chain security platform. Minder prior to version 0.0.51 is vulnerable to a denial-of-service (DoS) attack which could allow an attacker to crash the Minder server and deny other users access to it. The root cause of the vulnerability is that...
GO-2024-2864 Denial of service of Minder Server with attacker-controlled REST endpoint in github.com/stacklok/minder
Denial of service of Minder Server with attacker-controlled REST endpoint in github.com/stacklok/minder...
Denial of service of Minder Server with attacker-controlled REST endpoint
The Minder REST ingester is vulnerable to a denial of service attack via an attacker-controlled REST endpoint that can crash the Minder server. The REST ingester allows users to interact with REST endpoints to fetch data for rule evaluation. When fetching data with the REST ingester, Minder sends...
CVE-2024-35185 Denial of service of Minder Server with attacker-controlled REST endpoint
Minder is a software supply chain security platform. Prior to version 0.0.49, the Minder REST ingester is vulnerable to a denial of service attack via an attacker-controlled REST endpoint that can crash the Minder server. The REST ingester allows users to interact with REST endpoints to fetch dat...