1697 matches found
CVE-2021-28470
Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability...
Remote code execution
Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability...
CVE-2021-28470 Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability
...
CVE-2021-28470
CVE-2021-28470 affects the Visual Studio Code GitHub Pull Requests and Issues Extension. The vulnerability is a remote code execution flaw in the extension component, with exploitation requiring user interaction and local access, as indicated by CVSS 3.1 (LOCAL, UI: REQUIRED, C/H/I/A HIGH). Affec...
OS Command Injection in giting
giting version prior to 0.0.8 allows execution of arbritary commands. The first argument repo of function pull is executed by the package without any validation...
Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability
...
Vulnerabilities fixed in Microsoft Developer Tools
Vulnerabilities have been fixed in Windows Developer Tools. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Remote code execution User privileges. Impersonating another user Access to sensitive data Increased use...
Security Update for Microsoft Visual Studio Code GitHub Pull Requests and Isssues Extension (April 2021)
The Microsoft Visual Studio Code GitHub Pull Requests and Issues Extension is prior to version 0.25.1. It is, therefore, affected by a remote code execution vulnerability. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary...
Microsoft Visual Studio Code 代码注入漏洞
Microsoft Visual Studio Code is an open source code editor from Microsoft Corporation USA. A code injection vulnerability exists in Microsoft Visual Studio Code, which stems from a GitHub pull request and a remote code execution vulnerability in the extension in question...
Privilege Escalation
projen is vulnerable to privilege escalation. The vulnerability exists due to workflow being able to be triggered the issuecomment on the pull request...
Design/Logic Flaw
projen is a project generation tool that synthesizes project configuration files such as package.json, tsconfig.json, .gitignore, GitHub Workflows, eslint, jest, and more, from a well-typed definition written in JavaScript. Users of projen's NodeProject project type including any project type...
CVE-2021-21423 Exposure of Version-Control Repository to an Unauthorized Control Sphere in projen
projen is a project generation tool that synthesizes project configuration files such as package.json, tsconfig.json, .gitignore, GitHub Workflows, eslint, jest, and more, from a well-typed definition written in JavaScript. Users of projen's NodeProject project type including any project type...
PT-2021-2740 · Microsoft · Visual Studio Code Github Pull Requests/Issues Extension
Name of the Vulnerable Software and Affected Versions: Visual Studio Code GitHub Pull Requests and Issues Extension affected versions not specified Description: The issue is related to incorrect code generation management in the extension, which can be exploited by sending a specially crafted...
CVE-2021-22863
An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this vulnerability, an attacker woul...
CVE-2021-22861
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able to fork the target...
CVE-2021-22863
An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this vulnerability, an attacker woul...
CVE-2021-22862
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent repository of the fork. This vulnerability existed due to a flaw that allowed the base reference ...
CVE-2021-22861
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to gain write access to unauthorized repositories via specifically crafted pull requests and REST API requests. An attacker would need to be able to fork the target...
Improper access control
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with the ability to fork a repository to disclose Actions secrets for the parent repository of the fork. This vulnerability existed due to a flaw that allowed the base reference ...
Improper access control
An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this vulnerability, an attacker woul...