Lucene search

1697 matches found

Prion
added 2021/05/13 7:15 p.m. · 6 views

Code injection

GraphHopper is an open-source Java routing engine. In GraphHopper from version 2.0 and before version 2.4, there is a regular expression injection vulnerability that may lead to Denial of Service. This has been patched in 2.4 and 3.0. See this pull request for the fix:...

CVSS 4 · AI score 6.5 · EPSS 0.00376
Exploits 0 · References 3 · Affected Software 1
Cvelist
added 2021/05/13 6:15 p.m. · 11 views

CVE-2021-29506 Navigate endpoint is vulnerable to regex injection that may lead to Denial of Service.

GraphHopper is an open-source Java routing engine. In GraphHopper from version 2.0 and before version 2.4, there is a regular expression injection vulnerability that may lead to Denial of Service. This has been patched in 2.4 and 3.0. See this pull request for the fix:...

CVSS 6.5 · AI score 6.7 · EPSS 0.00376
Exploits 0 · References 3
IBM Security Bulletins
added 2021/05/13 4:56 p.m. · 61 views

Security Bulletin: Vulnerabilities in the Python, Docker, and ICP affect IBM Spectrum Discover

Summary: Vulnerabilities in the Python, Docker, and ICP such as a hole to obtain confidential information, denial of service, unauthorized access with high privileges, duplicate entries and CRLF injection, may affect IBM Spectrum Discover. Vulnerability Details: CVEID: CVE-2020-8566 DESCRIPTION:...

CVSS 8.8 · AI score 8.1 · EPSS 0.51201
Exploits 9 · Affected Software 1
OSV
added 2021/05/11 12:15 p.m. · 2 views

CVE-2021-31903

In JetBrains YouTrack before 2021.1.9819, a pull request's title was sanitized insufficiently, leading to XSS...

CVSS 6.1 · AI score 6.4 · EPSS 0.00005
Exploits 0 · References 2
NVD
added 2021/05/11 12:15 p.m. · 10 views

CVE-2021-31903

In JetBrains YouTrack before 2021.1.9819, a pull request's title was sanitized insufficiently, leading to XSS...

CVSS 6.1 · EPSS 0.00005
Exploits 0 · References 2
Prion
added 2021/05/11 12:15 p.m. · 12 views

Cross site scripting

In JetBrains YouTrack before 2021.1.9819, a pull request's title was sanitized insufficiently, leading to XSS...

CVSS 4.3 · AI score 6.2 · EPSS 0.00005
Exploits 0 · References 2 · Affected Software 1
CNNVD
added 2021/05/11 12:0 a.m. · 2 views

JetBrains WebStorm Security Vulnerability

JetBrains WebStorm is a JavaScript integrated development environment from Czech software development company JetBrains. Versions prior to JetBrains WebStorm 2021.1 have a local code execution vulnerability that could be exploited by an attacker to make WebStorm execute local code when pulling co...

CVSS 9.8 · AI score 6.3 · EPSS 0.00011
Exploits 0 · References 1
OSV
added 2021/05/06 2:15 p.m. · 17 views

CVE-2021-22206

An issue has been discovered in GitLab affecting all versions starting from 11.6. Pull mirror credentials are exposed, which allows other maintainers to view the credentials in plain text,...

CVSS 4.9 · AI score 6.2 · EPSS 0.00116
Exploits 0 · References 3
NVD
added 2021/05/06 2:15 p.m. · 14 views

CVE-2021-22206

An issue has been discovered in GitLab affecting all versions starting from 11.6. Pull mirror credentials are exposed, which allows other maintainers to view the credentials in plain text,...

CVSS 6.8 · EPSS 0.00116
Exploits 0 · References 3
UbuntuCve
added 2021/05/06 2:15 p.m. · 32 views

CVE-2021-22206

An issue has been discovered in GitLab affecting all versions starting from 11.6. Pull mirror credentials are exposed, which allows other maintainers to view the credentials in plain text,...

CVSS 6.8 · AI score 6.2 · EPSS 0.00116
Exploits 0 · References 4
OSV
added 2021/05/06 2:15 p.m. · 0 views

UBUNTU-CVE-2021-22206

An issue has been discovered in GitLab affecting all versions starting from 11.6. Pull mirror credentials are exposed, which allows other maintainers to view the credentials in plain text,...

CVSS 6.8 · AI score 6.2 · EPSS 0.00116
Exploits 0 · References 5
Cvelist
added 2021/05/06 1:25 p.m. · 20 views

CVE-2021-22206

An issue has been discovered in GitLab affecting all versions starting from 11.6. Pull mirror credentials are exposed, which allows other maintainers to view the credentials in plain text,...

CVSS 6.8 · AI score 6.6 · EPSS 0.00116
Exploits 0 · References 3
Debian CVE
added 2021/05/06 1:25 p.m. · 23 views

CVE-2021-22206

Removed by vendor...

CVSS 6.8 · AI score 6.3 · EPSS 0.00116
Exploits 0
CNVD
added 2021/05/06 12:0 a.m. · 14 views

Unspecified Vulnerability in GitLab

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab version 11.6 an...

CVSS 6.8 · AI score 6.6 · EPSS 0.00116
Exploits 0 · References 1
CNNVD
added 2021/04/29 12:0 a.m. · 3 views

GitLab Information Disclosure Vulnerability

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab version 11.6 an...

CVSS 6.8 · AI score 5.8 · EPSS 0.00116
Exploits 0 · References 6
BDU FSTEC
added 2021/04/27 12:0 a.m. · 1 views

Vulnerability in the GitHub Pull Requests and Issues extension for the Microsoft Visual Studio Code editor, related to improper control of code generation, that allows an attacker to execute arbitrary code.

The vulnerability in the GitHub Pull Requests and Issues extension for the Microsoft Visual Studio Code editor is related to improper control of code generation. Exploiting this vulnerability could allow an attacker to execute arbitrary code by sending a specially crafted request...

CVSS 7.8 · AI score 7.6 · EPSS 0.12134
Exploits 0 · References 3 · Affected Software 1
The Hacker News
added 2021/04/24 7:18 p.m. · 229 views

Critical RCE Bug Found in Homebrew Package Manager for macOS and Linux

A recently identified security vulnerability in the official Homebrew Cask repository could have been exploited by an attacker to execute arbitrary code on users' machines that have Homebrew installed. The issue, which was reported to the maintainers on April 18 by a Japanese security researcher...

AI score 0.1
Exploits 0
Cvelist
added 2021/04/15 9:35 p.m. · 12 views

CVE-2021-21405 BLS Signature "Malleability"

Lotus is an implementation of the Filecoin protocol written in Go. BLS signature validation in Lotus uses the blst library method VerifyCompressed. This method accepts signatures in 2 forms: "serialized", and "compressed", meaning that BLS signatures can be provided as either of 2 unique byte arrays...

CVSS 5.9 · AI score 7.8 · EPSS 0.00172
Exploits 1 · References 3
Positive Technologies
added 2021/04/15 12:0 a.m. · 2 views

PT-2021-14482 · Unknown +2 · Filecoin-Ffi +2

Name of the Vulnerable Software and Affected Versions: Lotus affected versions not specified. Description: The issue concerns BLS signature validation in Lotus, which uses the blst library method VerifyCompressed. This method accepts signatures in two forms: serialized and compressed, allowing BLS...

CVSS 7.5 · AI score 6.7 · EPSS 0.00172
Exploits 1 · References 9
OSV
added 2021/04/13 8:15 p.m. · 2 views

CVE-2021-28470

Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability...

CVSS 7.8 · AI score 5.9 · EPSS 0.12134
Exploits 0 · References 1