
19 matches found

RedhatCVE · added 2026/01/09 9:24 a.m.

CVE-2023-40024

ScanCode.io is a server to script and automate software composition analysis pipelines. In the /license/ endpoint, the detailed view key is not properly validated and sanitized, which can result in a potential cross-site scripting XSS vulnerability when attempting to access a detailed license vie...

CVSS 6.1 · AI score 5.6 · EPSS 0.00592
Exploits: 1 · References: 1
EUVD · added 2025/10/03 8:07 p.m.

EUVD-2023-2227

Malicious code in bioql PyPI...

CVSS 6.1 · AI score 6.2 · EPSS 0.00592
Exploits: 1 · References: 5
EUVD · added 2025/10/03 8:07 p.m.

EUVD-2023-2184

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 8.6 · EPSS 0.01643
Exploits: 1 · References: 6
Github Security Blog · added 2023/08/15 8:04 p.m.

Scancode.io Reflected Cross-Site Scripting (XSS) in license endpoint

Summary: In the /license/ endpoint, the detailed view key is not properly validated and sanitized, which can result in a potential cross-site scripting XSS vulnerability when attempting to access a detailed license view that does not exist. Details: In the /license/ endpoint, the license_details_view...

CVSS 6.1 · AI score 5.5 · EPSS 0.00592
Exploits: 1 · References: 5 · Affected Software: 1
NVD · added 2023/08/14 8:15 p.m.

CVE-2023-40024

ScanCode.io is a server to script and automate software composition analysis pipelines. In the /license/ endpoint, the detailed view key is not properly validated and sanitized, which can result in a potential cross-site scripting XSS vulnerability when attempting to access a detailed license vie...

CVSS 6.1 · AI score 5.6 · EPSS 0.00592
Exploits: 1 · References: 2
Prion · added 2023/08/14 8:15 p.m.

Cross-site scripting

ScanCode.io is a server to script and automate software composition analysis pipelines. In the /license/ endpoint, the detailed view key is not properly validated and sanitized, which can result in a potential cross-site scripting XSS vulnerability when attempting to access a detailed license vie...

CVSS 5.8 · AI score 6 · EPSS 0.00592
Exploits: 1 · References: 2 · Affected Software: 1
Cvelist · added 2023/08/14 7:53 p.m.

CVE-2023-40024 Reflected Cross-Site Scripting (XSS) in scancode.io license endpoint

ScanCode.io is a server to script and automate software composition analysis pipelines. In the /license/ endpoint, the detailed view key is not properly validated and sanitized, which can result in a potential cross-site scripting XSS vulnerability when attempting to access a detailed license vie...

CVSS 5.4 · AI score 6.2 · EPSS 0.00592
Exploits: 1 · References: 2
OSV · added 2023/08/14 7:53 p.m.

CVE-2023-40024 Reflected Cross-Site Scripting (XSS) in scancode.io license endpoint

ScanCode.io is a server to script and automate software composition analysis pipelines. In the /license/ endpoint, the detailed view key is not properly validated and sanitized, which can result in a potential cross-site scripting XSS vulnerability when attempting to access a detailed license vie...

CVSS 5.4 · AI score 5.8 · EPSS 0.00592
Exploits: 1 · References: 4
Vulnrichment · added 2023/08/14 7:53 p.m.

CVE-2023-40024 Reflected Cross-Site Scripting (XSS) in scancode.io license endpoint

ScanCode.io is a server to script and automate software composition analysis pipelines. In the /license/ endpoint, the detailed view key is not properly validated and sanitized, which can result in a potential cross-site scripting XSS vulnerability when attempting to access a detailed license vie...

CVSS 5.4 · AI score 6.1 · EPSS 0.00592
Exploits: 1 · References: 2
CVE · added 2023/08/14 7:53 p.m.

CVE-2023-40024

ScanCode.io (server for software composition analysis) is affected by a reflected XSS in the /license/ endpoint. The vulnerability arises from inadequate validation/sanitization of the license key in license_details_view, allowing an attacker to inject script content that is echoed in the respons...

CVSS 6.1 · AI score 5.7 · EPSS 0.00592
Exploits: 1 · References: 2 · Affected Software: 1
CNNVD · added 2023/08/14 12:00 a.m.

ScanCode Cross-Site Scripting Vulnerability

ScanCode is an open source tool for analyzing and scanning source code for open source license information and potential intellectual property issues. A cross-site scripting vulnerability exists in ScanCode.io 32.5.1 and earlier versions, which stems from a reflected cross-site scripting XSS...

CVSS 6.1 · AI score 5.8 · EPSS 0.00592
Exploits: 1 · References: 3
Positive Technologies · added 2023/08/14 12:00 a.m.

PT-2023-5949 · Unknown · Scancode.Io

Name of the Vulnerable Software and Affected Versions: ScanCode.io versions prior to 32.5.2. Description: The issue arises from inadequate validation and sanitization of the key parameter in the /license/ endpoint, specifically in the license details view function. This can result in a potential...

CVSS 6.4 · AI score 6 · EPSS 0.00592
Exploits: 1 · References: 12
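The reflected XSS the entries above describe, as an added example that is not ScanCode.io's own code: a minimal stand-in for a license details view that echoes the requested key into its "not found" page, beside a hardened version that validates the key against an allowlist and HTML-escapes everything user-derived before it reaches the response. The license catalogue, the view function names, the allowlist regex and the payload are assumptions constructed for illustration; the entries only state that the key reaches the response unvalidated and unsanitized.

```python
import html
import re

# Constructed catalogue standing in for the license index behind /license/<key>/
# (illustrative data, not ScanCode.io's license set).
LICENSES = {
    "mit": "MIT License",
    "apache-2.0": "Apache License 2.0",
}

# Assumed allowlist for license keys: lowercase alphanumerics plus a little punctuation.
KEY_RE = re.compile(r"[a-z0-9][a-z0-9._+-]{0,99}")


def license_details_vulnerable(key: str) -> tuple[int, str]:
    """Vulnerable pattern: the requested key is interpolated raw into the body.

    A key that does not exist is echoed back in the 404 page, so a crafted URL
    such as /license/<script>...</script>/ lands in the HTML unescaped. This is
    the shape of bug the entries describe, not ScanCode.io's actual view.
    """
    text = LICENSES.get(key)
    if text is None:
        return 404, f"<p>License {key} not found.</p>"
    return 200, f"<h1>{key}</h1><pre>{text}</pre>"


def license_details_hardened(key: str, strict: bool = True) -> tuple[int, str]:
    """Hardened version with two independent layers.

    1. Input validation (strict=True): keys outside the allowlist are rejected
       before any lookup or rendering.
    2. Output encoding: html.escape() on every user-derived value in the
       response, so a key that slips past validation still cannot become markup.
    """
    if strict and not KEY_RE.fullmatch(key):
        return 400, "<p>Invalid license key.</p>"
    safe_key = html.escape(key, quote=True)
    text = LICENSES.get(key)
    if text is None:
        return 404, f"<p>License {safe_key} not found.</p>"
    return 200, f"<h1>{safe_key}</h1><pre>{html.escape(text)}</pre>"


def contains_script_tag(body: str) -> bool:
    """Check used in the demo: is there a live (unescaped) <script tag in the body?"""
    return "<script" in body.lower()


if __name__ == "__main__":
    payload = "<script>alert(document.domain)</script>"  # constructed probe
    for name, view in (("vulnerable", license_details_vulnerable),
                       ("hardened", license_details_hardened)):
        status, body = view(payload)
        print(f"{name}: status={status} live_script={contains_script_tag(body)} body={body!r}")
```

Django templates autoescape by default; this class of bug appears when a value is rendered outside that path (a response body assembled from a string, a template with autoescaping turned off, or a value marked safe). Validation alone is not enough, since a future allowlist relaxation reintroduces the bug; escaping at the point of output is the layer that holds.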
NVD · added 2023/08/07 9:15 p.m.

CVE-2023-39523

ScanCode.io is a server to script and automate software composition analysis with ScanPipe pipelines. Prior to version 32.5.1, the software has a possible command injection vulnerability in the docker fetch process as it allows to append malicious commands in the docker_reference parameter. In the...

CVSS 8.8 · AI score 7.5 · EPSS 0.01643
Exploits: 1 · References: 4
Prion · added 2023/08/07 9:15 p.m.

Command injection

ScanCode.io is a server to script and automate software composition analysis with ScanPipe pipelines. Prior to version 32.5.1, the software has a possible command injection vulnerability in the docker fetch process as it allows to append malicious commands in the docker_reference parameter. In the...

CVSS 6.5 · AI score 8.9 · EPSS 0.01643
Exploits: 1 · References: 4 · Affected Software: 1
CVE · added 2023/08/07 8:55 p.m.

CVE-2023-39523

CVE-2023-39523 affects ScanCode.io prior to 32.5.1. The vulnerability is a command injection in fetch_docker_image: docker_reference is user-controlled and passed to get_docker_image_platform, which builds a shell command that is executed without sanitization. A malicious user could inject comman...

CVSS 8.8 · AI score 7.8 · EPSS 0.01643
Exploits: 1 · References: 4 · Affected Software: 1
Cvelist · added 2023/08/07 8:55 p.m.

CVE-2023-39523 ScanCode.io command injection in docker image fetch process

ScanCode.io is a server to script and automate software composition analysis with ScanPipe pipelines. Prior to version 32.5.1, the software has a possible command injection vulnerability in the docker fetch process as it allows to append malicious commands in the docker_reference parameter. In the...

CVSS 6.8 · AI score 9.1 · EPSS 0.01643
Exploits: 1 · References: 4
Vulnrichment · added 2023/08/07 8:55 p.m.

CVE-2023-39523 ScanCode.io command injection in docker image fetch process

ScanCode.io is a server to script and automate software composition analysis with ScanPipe pipelines. Prior to version 32.5.1, the software has a possible command injection vulnerability in the docker fetch process as it allows to append malicious commands in the docker_reference parameter. In the...

CVSS 6.8 · AI score 8.9 · EPSS 0.01643
Exploits: 1 · References: 4
OSV · added 2023/08/07 8:55 p.m.

CVE-2023-39523 ScanCode.io command injection in docker image fetch process

ScanCode.io is a server to script and automate software composition analysis with ScanPipe pipelines. Prior to version 32.5.1, the software has a possible command injection vulnerability in the docker fetch process as it allows to append malicious commands in the docker_reference parameter. In the...

CVSS 6.8 · AI score 8.8 · EPSS 0.01643
Exploits: 1 · References: 6
CNNVD · added 2023/08/07 12:00 a.m.

ScanCode Command Injection Vulnerability

ScanCode is an open source tool for analyzing and scanning source code for open source license information and potential intellectual property issues. A command injection vulnerability exists in ScanCode.io versions prior to 32.5.1, which stems from a command injection vulnerability in the...

CVSS 8.8 · AI score 7.5 · EPSS 0.01643
Exploits: 1 · References: 5
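The command injection the entries above describe, as an added example that is not ScanCode.io's own code. The entries say docker_reference is user-controlled and reaches a shell command built in get_docker_image_platform; the code below reproduces that shape with a stand-in tool name passed in as a parameter, so it can be run against /bin/echo offline instead of a real image-inspection tool, and sets the hardened form beside it. The function names, the stand-in command line and the docker reference grammar (a simplified, stricter reading of the OCI distribution reference format) are assumptions for illustration.

```python
import re
import subprocess

# Simplified docker reference grammar: [registry[:port]/]name[/name...][:tag][@sha256:digest].
# Assumed here for illustration; it is stricter than the full OCI spec in a few corners.
_NAME_COMPONENT = r"[a-z0-9]+(?:(?:[._]|__|-+)[a-z0-9]+)*"
_REGISTRY = (
    r"(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?"
    r"(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?)*(?::[0-9]+)?/)?"
)
_TAG = r"(?::[A-Za-z0-9_][A-Za-z0-9_.-]{0,127})?"
_DIGEST = r"(?:@sha256:[a-f0-9]{64})?"
DOCKER_REFERENCE_RE = re.compile(
    f"{_REGISTRY}{_NAME_COMPONENT}(?:/{_NAME_COMPONENT})*{_TAG}{_DIGEST}"
)


def is_valid_docker_reference(ref: str) -> bool:
    """Allowlist check: no shell metacharacters can survive this grammar."""
    return DOCKER_REFERENCE_RE.fullmatch(ref) is not None


def inspect_image_vulnerable(tool: str, docker_reference: str) -> str:
    """Vulnerable pattern: user input interpolated into one string handed to /bin/sh.

    `tool` stands in for whatever inspection binary the real code invokes; with
    tool="echo" the example runs offline. Anything after ';' in docker_reference
    becomes a second command.
    """
    cmd = f"{tool} docker://{docker_reference}"
    result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return result.stdout


def inspect_image_hardened(tool: str, docker_reference: str, validate: bool = True) -> str:
    """Hardened form: validate the reference, then pass an argv list with shell=False.

    The argv list alone defeats the ';' injection because no shell parses the
    string; the grammar check is defence in depth against argument-level abuse
    of the downstream tool (a reference beginning with '-' being read as a flag).
    """
    if validate and not is_valid_docker_reference(docker_reference):
        raise ValueError(f"rejected docker reference: {docker_reference!r}")
    argv = [tool, f"docker://{docker_reference}"]
    result = subprocess.run(argv, shell=False, capture_output=True, text=True)
    return result.stdout


if __name__ == "__main__":
    injected = "alpine:3.18; echo INJECTED"  # constructed malicious reference
    print("vulnerable:", repr(inspect_image_vulnerable("echo", injected)))
    print("argv only: ", repr(inspect_image_hardened("echo", injected, validate=False)))
    try:
        inspect_image_hardened("echo", injected)
    except ValueError as exc:
        print("validated: ", exc)
```

Run as written, the vulnerable call prints two lines (the second is INJECTED, produced by the appended command), the argv-only call prints the whole reference as one harmless argument, and the validated call refuses the input before any process starts. The same split applies to any place a scanner shells out around user-supplied names: build argv lists, never command strings, and constrain the value to the grammar the downstream tool actually expects.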