2 matches found
GHSA-WCMJ-X466-56MM OpenTofu: Provider cache installation follows root-module-controlled package directory symlink and writes outside the working tree
Summary If a symlink already exists under the .terraform/providers directory where a provider package needs to be installed, tofu init would follow that symlink and install the new package content into it. If an attacker can coerce an operator into running tofu init in a directory whose contents...
MAL-2022-4492 Malicious code in material-ui-plugin-styles-provider-cache (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c532d2260b90e64adf2ec199da8ee4d191a0c4803afeaa57c2327d49db0c6969 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...