4 matches found
MAL-2024-10907 Malicious code in generate-release-description (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1c4aae8376a8265f9be46411ca6aa198a1601b7b15a88d7264332993da67e8d1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in generate-release-description (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1c4aae8376a8265f9be46411ca6aa198a1601b7b15a88d7264332993da67e8d1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Design/Logic Flaw
An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. Non-project members could retrieve release descriptions via the API, even if the release visibility is...
CVE-2022-24999
qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string ...