3 matches found
degit OS command injection vulnerability
Degit is a tool developed by Rich Harris as a quick replication mechanism for Git repositories. Versions of degit prior to 2.8.6, as well as versions 3.0.0 to 3.3.1, contained an operating system command injection vulnerability. This vulnerability stemmed from improper handling of user input for...
PT-2026-32328
Deserialization of Untrusted Data vulnerability in Apache Storm. Versions Affected: before 2.8.6. Description: When processing topology credentials submitted via the Nimbus Thrift API, Storm deserializes the base64-encoded TGT blob using ObjectInputStream.readObject without any class filtering or...
Moodle site-wide event monitoring rule subscription vulnerability
Moodle is an open source web-based teaching and learning application. Moodle versions prior to 2.6.11, 2.7.8, 2.8.6, and 2.9 suffer from a security vulnerability in the site-wide rules in the event monitoring tool that allows remote, authenticated attackers to subscribe to event monitoring rules...