4 matches found
EUVD-2024-0695
Malicious code in bioql PyPI...
CVE-2024-27093
Minder is a Software Supply Chain Security Platform. In version 0.0.31 and earlier, it is possible for an attacker to register a repository with a invalid or differing upstream ID, which causes Minder to report the repository as registered, but not remediate any future changes which conflict with...
Minder trusts client-provided mapping from repo name to upstream ID
Summary When using a modified client or the grpc interface directly, the RegisterRepository call accepts both the repository owner / repo and the repoid. Furthermore, these two are not checked for matching before registering webhooks and data in the database. Details It is possible for an attacke...
Denial of service
Minder is a Software Supply Chain Security Platform. In version 0.0.31 and earlier, it is possible for an attacker to register a repository with a invalid or differing upstream ID, which causes Minder to report the repository as registered, but not remediate any future changes which conflict with...