2 matches found
GHSA-6JR7-99PF-8VGF @backstage/plugin-techdocs-node vulnerable to arbitrary code execution via MkDocs hooks
Impact When TechDocs is configured with runIn: local, a malicious actor who can submit or modify a repository's mkdocs.yml file can execute arbitrary Python code on the TechDocs build server via MkDocs hooks configuration. Patches Upgrade to @backstage/plugin-techdocs-node version 1.13.11, 1.14.1...
PT-2023-4177 · Mlflow · Mlflow
Name of the Vulnerable Software and Affected Versions: MLflow versions prior to 2.6.0 Description: The issue exists due to the failure to neutralize special elements used in an operating system command. This could allow an attacker to execute arbitrary commands or cause a denial of service. The...