Generalized frontrunning risk for claiming winnings due to request.currentChosenTokenId being public

Lines of code Vulnerability details Impact The function VRFNFTRandomDraw.sol:fulfillRandomWords called by Chainlink receives an array of random words, and uses it to choose a random offset by which the winning tokenId is selected. The chosen tokenId is stored on the public request variable in the...

PT-2022-14121 · Kubevirt +1 · Kubevirt +1

Name of the Vulnerable Software and Affected Versions: KubeVirt versions up to 0.56 KubeVirt version 0.55.1 Description: A path traversal vulnerability in KubeVirt allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are...