10 matches found
CVE-2026-13540 GitBucket RepositoryCreationService.scala Git.cloneRepository.setURI server-side request forgery
A security flaw has been discovered in GitBucket up to 4.46.1. This affects the function Git.cloneRepository.setURI of the file src/main/scala/gitbucket/core/service/RepositoryCreationService.scala. Performing a manipulation of the argument url results in server-side request forgery. The attack i...
EUVD-2024-2897
Malicious code in bioql PyPI...
CVE-2024-8986
A flaw was found in grafana-plugin-sdk-go package. The grafana plugin SDK bundles build metadata into the binaries it compiles; this metadata includes the repository URI for the plugin being built, as retrieved by running git remote get-url origin. If credentials are included in the repository UR...
GHSA-XXXW-3J6H-Q7H6 Grafana plugin SDK Information Leakage
The grafana plugin SDK bundles build metadata into the binaries it compiles; this metadata includes the repository URI for the plugin being built, as retrieved by running git remote get-url origin. If credentials are included in the repository URI for instance, to allow for fetching of private...
Grafana plugin SDK Information Leakage
The grafana plugin SDK bundles build metadata into the binaries it compiles; this metadata includes the repository URI for the plugin being built, as retrieved by running git remote get-url origin. If credentials are included in the repository URI for instance, to allow for fetching of private...
CVE-2024-8986
CVE-2024-8986 is tied to Grafana’s grafana-plugin-sdk-go which embeds build metadata in binaries, including the repository URL obtained via git remote get-url origin. If credentials are present in that URL, the final binary may contain the full URI with credentials, creating a risk of credential ...
CVE-2024-8986 Information Leakage in grafana-plugin-sdk-go
The grafana plugin SDK bundles build metadata into the binaries it compiles; this metadata includes the repository URI for the plugin being built, as retrieved by running git remote get-url origin. If credentials are included in the repository URI for instance, to allow for fetching of private...
Atlassian Fisheye for Windows < 4.4.6, 4.5.x < 4.5.3 Remote Code Execution Vulnerability
According to its self-reported version, the installation of Atlassian Fisheye running on the remote Windows host is prior to 4.4.6 or 4.5.x prior to 4.5.3. It is, therefore, affected by a remote command execution vulnerability due to improper sanitization of characters in a Mercurial repository U...
Design/Logic Flaw
Fisheye and Crucible did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to add a repository in Fisheye or Crucible can execute code of their choice on systems that run...
Argument injection through Mercurial repository uri handling on Windows - CVE-2018-5224
Bamboo did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to do one or more of the following: create a repository in Bamboo edit an existing plan in Bamboo that has a...