127 matches found
EUVD-2012-1837
Malware in sbrugna...
EUVD-2012-1838
Malware in sbrugna...
EUVD-2021-18769
Malware in sbrugna...
Malicious code in @zalastax/nolb-pdm (npm)
The package @zalastax/nolb-pdm was found to contain malicious code...
MAL-2025-13111 Malicious code in @zalastax/nolb-pdm (npm)
The package @zalastax/nolb-pdm was found to contain malicious code...
Malicious code in pdm-skeleton (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c8ba9c7f0e8687739c6047f24241f9e715c735f096f38643dc9c818c09d6cab2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-8794 Malicious code in pdm-skeleton (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c8ba9c7f0e8687739c6047f24241f9e715c735f096f38643dc9c818c09d6cab2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
SUSE CVE-2023-45805
pdm is a Python package and dependency manager supporting the latest PEP standards. It's possible to craft a malicious pdm.lock file that could allow e.g. an insider or a malicious open source project to appear to depend on a trusted PyPI project, but actually install another project. A project f...
adam-assist (>=0.1.1 <=0.3.9), adam-core (>=0.3.0 <=0.5.5) +49 more potentially affected by CVE-2023-45805 via pdm (>=1.15.5 <=2.9.3)
pdm PYPI version =1.15.5, =0.1.1, =0.3.0, =0.0.1, =0.1.2, =0.3.5, =2.0.0rc0, =0.1.0, =0.1.2, =0.1.0, =0.2.0, =0.1.5, =0.3.0, =0.1.0, =1.0.28 and more Source cves: CVE-2023-45805 Source advisory: OSV:GHSA-J44V-MMF2-XVM9...
GHSA-J44V-MMF2-XVM9 PDM Trojan Lockfile
Summary It's possible to craft a malicious pdm.lock file that could allow e.g. an insider or a malicious open source project to appear to depend on a trusted PyPI project, but actually install another project. Details Project foo can be targeted by creating the project foo-2 and uploading the fil...
CVE-2023-45805
pdm is a Python package and dependency manager supporting the latest PEP standards. It's possible to craft a malicious pdm.lock file that could allow e.g. an insider or a malicious open source project to appear to depend on a trusted PyPI project, but actually install another project. A project f...
DEBIAN-CVE-2023-45805
pdm is a Python package and dependency manager supporting the latest PEP standards. It's possible to craft a malicious pdm.lock file that could allow e.g. an insider or a malicious open source project to appear to depend on a trusted PyPI project, but actually install another project. A project f...
CVE-2023-45805 Trojan Lockfilein pdm
pdm is a Python package and dependency manager supporting the latest PEP standards. It's possible to craft a malicious pdm.lock file that could allow e.g. an insider or a malicious open source project to appear to depend on a trusted PyPI project, but actually install another project. A project f...
CVE-2023-45805
CVE-2023-45805 affects the Python tool PDM (dependency manager). A crafted pawns-style lockfile in which a project like foo is targeted with foo-2 and a file foo-2-2.tar.gz can mislead PyPI and PDM into installing a different project than what appears in pyproject.toml, potentially allowing arbit...
CVE-2023-45805 Trojan Lockfilein pdm
pdm is a Python package and dependency manager supporting the latest PEP standards. It's possible to craft a malicious pdm.lock file that could allow e.g. an insider or a malicious open source project to appear to depend on a trusted PyPI project, but actually install another project. A project f...
CVE-2023-45805
pdm is a Python package and dependency manager supporting the latest PEP standards. It's possible to craft a malicious pdm.lock file that could allow e.g. an insider or a malicious open source project to appear to depend on a trusted PyPI project, but actually install another project. A project f...
CVE-2023-40955
A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management aka pdm v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the select parameter in models/baseclient.py componen...
CVE-2023-40955
A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management aka pdm v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the select parameter in models/baseclient.py componen...
CVE-2023-40957
A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management aka pdm v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the request parameter in models/baseclient.py compone...
CVE-2023-40955
A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management aka pdm v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the select parameter in models/baseclient.py componen...