6 matches found
CVE-2022-31004
CVEProject/cve-services is an open source project used to operate the CVE services API. A conditional in 'data.js' has potential for production secrets to be written to disk. The affected method writes the generated randomKey to disk if the environment is not development. If this method were call...
EUVD-2022-52711
Malicious code in bioql PyPI...
CVE-2022-31004
CVEProject/cve-services is an open source project used to operate the CVE services API. A conditional in 'data.js' has potential for production secrets to be written to disk. The affected method writes the generated randomKey to disk if the environment is not development. If this method were call...
Code injection
CVEProject/cve-services is an open source project used to operate the CVE services API. A conditional in 'data.js' has potential for production secrets to be written to disk. The affected method writes the generated randomKey to disk if the environment is not development. If this method were call...
CVE-2022-31004
CVE-2022-31004 affects the open source CVE services API project cve-services. A conditional in data.js can cause the generated randomKey to be written to disk when not running in development, potentially exposing plaintext secrets on disk in production. Public details do not list a released patch...
CVE-2022-31004 Potential secrets being logged to disk in CVE Services
CVEProject/cve-services is an open source project used to operate the CVE services API. A conditional in 'data.js' has potential for production secrets to be written to disk. The affected method writes the generated randomKey to disk if the environment is not development. If this method were call...