219 matches found
MAL-2024-10344 Malicious code in puppeteer-req-interceptor (npm)
Source: ghsa-malware (15ace3c3ef68e8cff62f0dfa94786912c5a2f0c8b74608de84e77f01aa897734). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
SUSE-SU-2024:3843-1 Security update for 389-ds
This update for 389-ds fixes the following issues: - Persist extracted key path for ldapsslclientinit over repeat invocations bsc1230852 - Re-enable use of .dsrc basedn for dsidm commands bsc1231462 - Update to version 2.2.10git18.20ce9289: RFE: Use previously extracted key path Update dsidm to...
Malicious code in req-bans (npm)
Source: ghsa-malware (891a9d8d6df58ad3743a6ec2db7217d78ec1fe0a3d8bb938181ec4ac26ee5489). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-10278 Malicious code in req-bans (npm)
Source: ghsa-malware (891a9d8d6df58ad3743a6ec2db7217d78ec1fe0a3d8bb938181ec4ac26ee5489). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-10279 Malicious code in req-scopes (npm)
Source: ghsa-malware (ff2585aad680d6ab6cfae142ed9f4aeac20d060968138d851b5daabe766969f5). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in req-ban (npm)
Source: ghsa-malware (5a9a1ab6f28d706cb286af274f9118a3e68076a1daca8d0c34a9499b9cbca5af). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-10251 Malicious code in req-scope (npm)
Source: ghsa-malware (05048fd5770283947973e00b424f5a1810a67067ed3451a3bb5f9f5a5ce5d703). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-10250 Malicious code in req-ban (npm)
Source: ghsa-malware (5a9a1ab6f28d706cb286af274f9118a3e68076a1daca8d0c34a9499b9cbca5af). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GO-2024-3098 The req library may send an unintended request when a malformed URL is provided in github.com/imroc/req
The req library is a widely used HTTP library in Go. However, it does not handle malformed URLs effectively. As a result, after parsing a malformed URL, the library may send HTTP requests to unexpected destinations, potentially leading to security vulnerabilities or unintended behavior in...
GHSA-CJ55-GC7M-WVCQ req may send an unintended request when a malformed URL is provided
The req library is a widely used HTTP library in Go. However, it does not handle malformed URLs effectively. As a result, after parsing a malformed URL, the library may send HTTP requests to unexpected destinations, potentially leading to security vulnerabilities or unintended behavior in...
req may send an unintended request when a malformed URL is provided
The req library is a widely used HTTP library in Go. However, it does not handle malformed URLs effectively. As a result, after parsing a malformed URL, the library may send HTTP requests to unexpected destinations, potentially leading to security vulnerabilities or unintended behavior in...
CVE-2024-45258
The req package before 3.43.4 for Go may send an unintended request when a malformed URL is provided, because cleanHost in http.go intentionally uses a "garbage in, garbage out" design...
PT-2024-31514 · Req · Req
Name of the Vulnerable Software and Affected Versions: req package versions prior to 3.43.4 Description: The req package may send an unintended request when a malformed URL is provided, due to the cleanHost function in http.go using a "garbage in, garbage out" design. This can lead to security...
req security vulnerability
req is a simple Go HTTP client with "Black Magic", by the individual developer roc. A security vulnerability exists in req versions prior to 3.43.4. It stems from the deliberate "garbage in, garbage out" design of the cleanHost function in http.go, which may result in unintended requests being sent...
CVE-2024-45258
CVE-2024-45258 affects the Go req package prior to 3.43.4. The root cause is the cleanHost implementation in http.go using a “garbage in, garbage out” design, which may cause the library to send an unintended HTTP request when a malformed URL is provided. Public documents describe potential secur...
CVE-2023-52903 io_uring: lock overflowing for IOPOLL
In the Linux kernel, the following vulnerability has been resolved: io_uring: lock overflowing for IOPOLL. syzbot reports an issue with overflow filling for IOPOLL: WARNING: CPU: 0 PID: 28 at io_uring/io_uring.c:734 io_cqring_event_overflow+0x1c0/0x230 io_uring/io_uring.c:734 CPU: 0 PID: 28 Comm:...
PT-2024-37543 · Grafana · Grafana
Name of the Vulnerable Software and Affected Versions: Grafana versions 11.1.0 through 11.1.1 Grafana versions 11.1.2 through 11.1.3 Description: Access control for plugin data sources protected by the ReqActions json field of the plugin.json is bypassed if the user or service account is granted...