7 matches found
Information Exposure
Element Call is vulnerable to Information Exposure. The vulnerability is due to analytics data including full page URLs and URL fragments being sent to a configured PostHog server, which allows an attacker with access to the analytics data to obtain sensitive information such as call encryption...
GHSA-6VHH-4XW6-H2H2 Element Call reports full URLs of visited pages to analytics server
Impact Element Call versions 0.5.17 through 0.19.3 report analytics data to a PostHog server, when configured to by a posthog key in config.json or by the posthogApiHost and posthogApiKey URL parameters. Several fields of this data $initialpersoninfo, $sessionentryurl, and $currenturl were found ...
EUVD-2023-50542
Malicious code in bioql PyPI...
CVE-2023-46321
iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize paths in x-man-page URLs. They may have shell metacharacters for a /usr/bin/man command line...
Command injection
iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize paths in x-man-page URLs. They may have shell metacharacters for a /usr/bin/man command line...
PT-2023-29958 · Iterm2 · Iterm2
Name of the Vulnerable Software and Affected Versions: iTerm2 versions prior to 3.5.0beta12 Description: The issue is related to the iTermSessionLauncher.m component in iTerm2, which does not properly sanitize paths in x-man-page URLs. This can lead to the inclusion of shell metacharacters in a...
PT-2022-17418 · Unknown · Identity Manager
Name of the Vulnerable Software and Affected Versions: Identity Manager affected versions not specified Description: An unauthenticated user can access specific page URLs of Identity Manager's management console. However, the system does not allow the user to carry out server-side tasks without a...