9 matches found
CVE-2023-31128
NextCloud Cookbook is a recipe library app. Prior to commit a46d9855 on the master branch and commit 489bb744 on the main-0.9.x branch, the pull-checks.yml workflow is vulnerable to command injection attacks because of using an untrusted github.headref field. The github.headref value is an...
EUVD-2023-35452
Malicious code in bioql PyPI...
CVE-2023-31128
NextCloud Cookbook is a recipe library app. Prior to commit a46d9855 on the master branch and commit 489bb744 on the main-0.9.x branch, the pull-checks.yml workflow is vulnerable to command injection attacks because of using an untrusted github.headref field. The github.headref value is an...
Command injection
NextCloud Cookbook is a recipe library app. Prior to commit a46d9855 on the master branch and commit 489bb744 on the main-0.9.x branch, the pull-checks.yml workflow is vulnerable to command injection attacks because of using an untrusted github.headref field. The github.headref value is an...
CVE-2023-31128 NextCloud Cookbook's pull-checks.yml workflow is vulnerable to OS Command Injection
NextCloud Cookbook is a recipe library app. Prior to commit a46d9855 on the master branch and commit 489bb744 on the main-0.9.x branch, the pull-checks.yml workflow is vulnerable to command injection attacks because of using an untrusted github.headref field. The github.headref value is an...
CVE-2023-31128 NextCloud Cookbook's pull-checks.yml workflow is vulnerable to OS Command Injection
NextCloud Cookbook is a recipe library app. Prior to commit a46d9855 on the master branch and commit 489bb744 on the main-0.9.x branch, the pull-checks.yml workflow is vulnerable to command injection attacks because of using an untrusted github.headref field. The github.headref value is an...
CVE-2023-31128
Summary: CVE-2023-31128 concerns NextCloud Cookbook’s pull-checks.yml workflow, where an untrusted github.head_ref value can be attacker-controlled, enabling command injection via a crafted value (e.g., zzz";echo${IFS}"hello";#). The issue, stemming from a lack of input validation in the workflow...
NextCloud Cookbook 操作系统命令注入漏洞
NextCloud Cookbook is a recipe from NextCloud, Inc. NextCloud Cookbook has a security vulnerability that stems from the use of an untrusted github.headref field...
Malicious code in nextcloud-cookbook (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 67a05fe7110f0b29da6c76fc1534cc2fcf9ff752fdc542306e5b83641defc79c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...