3 matches found
EUVD-2024-52312
Malicious code in bioql PyPI...
CVE-2024-54143 openwrt/asu allows build artifact poisoning via truncated SHA-256 hash and command injection
openwrt/asu is an image on demand server for OpenWrt based distributions. The request hashing mechanism truncates SHA-256 hashes to only 12 characters. This significantly reduces entropy, making it feasible for an attacker to generate collisions. By exploiting this, a previously built malicious...
CVE-2024-54143
CVE-2024-54143 affects OpenWrt ASU (image-on-demand server). The build request hash truncates SHA-256 to 12 characters, lowering entropy and enabling potential hash collisions. An attacker could poison the artifact cache by serving a previously built malicious image, possibly combined with a comm...