
4 matches found

OSV
added 2024/11/24 10:43 p.m., 2 views

MAL-2024-10907 Malicious code in generate-release-description (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1c4aae8376a8265f9be46411ca6aa198a1601b7b15a88d7264332993da67e8d1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7.2
Exploits: 0, References: 1
OSSF Malicious Packages
added 2024/11/24 10:43 p.m., 1 views

Malicious code in generate-release-description (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1c4aae8376a8265f9be46411ca6aa198a1601b7b15a88d7264332993da67e8d1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7
Exploits: 0, References: 1
Prion
added 2023/03/09 9:15 p.m., 17 views

Design/Logic Flaw

An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. Non-project members could retrieve release descriptions via the API, even if the release visibility is...

CVSS: 5, AI score: 5.2, EPSS: 0.00786
Exploits: 0, References: 3, Affected Software: 1
NVD
added 2022/11/26 10:15 p.m., 19 views

CVE-2022-24999

qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an `__proto__` key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string ...

CVSS: 7.5, EPSS: 0.14663
Exploits: 2, References: 5