1675 matches found
CVE-2024-43368 Trix has a Cross-Site Scripting (XSS) vulnerability on copy & paste
The Trix editor, versions prior to 2.1.4, is vulnerable to XSS when pasting malicious code. This vulnerability is a bypass of the fix put in place for GHSA-qjqp-xr96-cj99. In pull request 1149, sanitation was added for Trix attachments with a text/html content type. However, Trix only checks the...
CVE-2024-42370
Litestar is an Asynchronous Server Gateway Interface ASGI framework. In versions 2.10.0 and prior, Litestar's docs-preview.yml workflow is vulnerable to Environment Variable injection which may lead to secret exfiltration and repository manipulation. This issue grants a malicious actor the...
Litestar 安全漏洞
Litestar is a powerful, flexible but stubborn ASGI framework open-sourced by Litestar. A security vulnerability exists in Litestar version 2.10.0 and prior versions that stems from vulnerability to environment variable injection attacks, leading to confidentiality disclosure and repository...
CVE-2024-42370 Litestar repository vulnerable to Environment Variable injection in `docs-preview.yml` workflow
Litestar is an Asynchronous Server Gateway Interface ASGI framework. In versions 2.10.0 and prior, Litestar's docs-preview.yml workflow is vulnerable to Environment Variable injection which may lead to secret exfiltration and repository manipulation. This issue grants a malicious actor the...
CVE-2024-42370 Litestar repository vulnerable to Environment Variable injection in `docs-preview.yml` workflow
Litestar is an Asynchronous Server Gateway Interface ASGI framework. In versions 2.10.0 and prior, Litestar's docs-preview.yml workflow is vulnerable to Environment Variable injection which may lead to secret exfiltration and repository manipulation. This issue grants a malicious actor the...
CVE-2024-42370
Litestar (versions 2.10.0 and earlier) is affected by an environment variable injection flaw in the docs-preview.yml workflow. A crafted artifact can be introduced via the workflow’s artifact handling, potentially exposing DOCS_PREVIEW_DEPLOY_TOKEN and granting the attacker permissions to write i...
PT-2024-29904 · Litestar · Litestar
Name of the Vulnerable Software and Affected Versions: Litestar versions 2.10.0 and prior Description: The issue is related to Environment Variable injection in Litestar's docs-preview.yml workflow, which may lead to secret exfiltration and repository manipulation. This grants a malicious actor...
kernel: scsi: qla2xxx: Fix command flush on cable pull
A flaw was found in the qla2xxx module in the Linux kernel. A NULL pointer dereference can be triggered when the system is under memory stress and the driver cannot allocate memory to handle the error recovery of cable pull, causing a system crash and a denial of service...
SUSE CVE-2024-41946
REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability...
CVE-2024-41127
Monkeytype is a minimalistic and customizable typing test. Monkeytype is vulnerable to Poisoned Pipeline Execution through Code Injection in its ci-failure-comment.yml GitHub Workflow, enabling attackers to gain pull-requests write access. The ci-failure-comment.yml workflow is triggered when the...
CVE-2024-41127 Monkeytype is vulnerable to Poisoned Pipeline Execution through Code Injection in its `ci-failure-comment.yml` GitHub Workflow, enabling attackers to gain `pull-requests` write access.
Monkeytype is a minimalistic and customizable typing test. Monkeytype is vulnerable to Poisoned Pipeline Execution through Code Injection in its ci-failure-comment.yml GitHub Workflow, enabling attackers to gain pull-requests write access. The ci-failure-comment.yml workflow is triggered when the...
CVE-2024-41127 Monkeytype is vulnerable to Poisoned Pipeline Execution through Code Injection in its `ci-failure-comment.yml` GitHub Workflow, enabling attackers to gain `pull-requests` write access.
Monkeytype is a minimalistic and customizable typing test. Monkeytype is vulnerable to Poisoned Pipeline Execution through Code Injection in its ci-failure-comment.yml GitHub Workflow, enabling attackers to gain pull-requests write access. The ci-failure-comment.yml workflow is triggered when the...
CVE-2024-41127 Monkeytype is vulnerable to Poisoned Pipeline Execution through Code Injection in its `ci-failure-comment.yml` GitHub Workflow, enabling attackers to gain `pull-requests` write access.
Monkeytype is a minimalistic and customizable typing test. Monkeytype is vulnerable to Poisoned Pipeline Execution through Code Injection in its ci-failure-comment.yml GitHub Workflow, enabling attackers to gain pull-requests write access. The ci-failure-comment.yml workflow is triggered when the...
CVE-2024-41127
CVE-2024-41127 affects Monkeytype via its GitHub Actions workflow ci-failure-comment.yml. A vulnerability in the workflow’s handling of the artifact variable (./pr_num/pr_num.txt) allows interpolation into a JS script after the value is not validated as a number, enabling an attacker to gain writ...
REXML DoS vulnerability
Impact The REXML gem before 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. If you need to parse untrusted XMLs with SAX2 or pull parser API, you may be impacted to this vulnerability. Patches The REXML gem 3.3.3 or later include t...
GHSA-5866-49GR-22V4 REXML DoS vulnerability
Impact The REXML gem before 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. If you need to parse untrusted XMLs with SAX2 or pull parser API, you may be impacted to this vulnerability. Patches The REXML gem 3.3.3 or later include t...
Monkeytype 安全漏洞
Monkeytype is a minimalist and customizable typing test open-sourced by Monkeytype. A security vulnerability exists in versions of Monkeytype prior to 24.30.0, which stems from vulnerability to a code injection attack, where an attacker is able to gain pull request write access...
Uncontrolled Resource Consumption ('Resource Exhaustion')
Overview rexml is an An XML toolkit for Ruby. Affected versions of this package are vulnerable to Uncontrolled Resource Consumption 'Resource Exhaustion' via the SAX2 or pull parser API. An attacker can cause the application to consume excessive resources leading to a denial of service by...
CVE-2024-41946 REXML DoS vulnerability
REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability...
CVE-2024-41946 REXML DoS vulnerability
REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability...