
12 matches found

GithubExploit
added 2026/01/26 3:48 p.m. · 118 views

sonarcloud-poc

SonarCloud PoC - SAST Test. Test project to validate dete...

5.9 AI score
Exploits 0
Prion
added 2024/01/02 9:15 p.m. · 17 views

Sql injection

OTCLient is an alternative tibia client for otserv. Prior to commit db560de0b56476c87a2f967466407939196dd254, the /mehah/otclient "Analysis - SonarCloud" workflow is vulnerable to an expression injection in Actions, allowing an attacker to run commands remotely on the runner, leak secrets, and...

7.5 CVSS · 7.5 AI score · 0.01786 EPSS
Exploits 1 · References 5 · Affected Software 1
Vulnrichment
added 2024/01/02 8:29 p.m. · 15 views

CVE-2024-21623 Arbitrary Expression Injection in github workflow leads to Command execution & leaking secrets

OTCLient is an alternative tibia client for otserv. Prior to commit db560de0b56476c87a2f967466407939196dd254, the /mehah/otclient "Analysis - SonarCloud" workflow is vulnerable to an expression injection in Actions, allowing an attacker to run commands remotely on the runner, leak secrets, and...

9.8 CVSS · 7.2 AI score · 0.01786 EPSS
Exploits 1 · References 5
CVE
added 2024/01/02 8:29 p.m. · 58 views

CVE-2024-21623

OTCLient (the Tibia OT server client) is affected by an expression injection in the GitHub Actions workflow for /mehah/otclient, specifically the Analyses - SonarCloud workflow. The vulnerability enables remote command execution, secret leakage, and repository alteration on the vulnerable runner....

9.8 CVSS · 9.6 AI score · 0.01786 EPSS
Exploits 1 · References 5 · Affected Software 1
Cvelist
added 2024/01/02 8:29 p.m. · 13 views

CVE-2024-21623 Arbitrary Expression Injection in github workflow leads to Command execution & leaking secrets

OTCLient is an alternative tibia client for otserv. Prior to commit db560de0b56476c87a2f967466407939196dd254, the /mehah/otclient "Analysis - SonarCloud" workflow is vulnerable to an expression injection in Actions, allowing an attacker to run commands remotely on the runner, leak secrets, and...

9.8 CVSS · 9.9 AI score · 0.01786 EPSS
Exploits 1 · References 5
Positive Technologies
added 2024/01/02 12:0 a.m. · 2 views

PT-2024-18975 · Otclient · Otclient

Name of the Vulnerable Software and Affected Versions: OTCLient versions prior to commit db560de0b56476c87a2f967466407939196dd254 Description: The issue concerns an expression injection vulnerability in the /mehah/otclient "Analysis - SonarCloud" workflow, allowing an attacker to run commands...

9.8 CVSS · 9.5 AI score · 0.01786 EPSS
Exploits 1 · References 10
SonarSource Blog
added 2022/02/24 12:0 a.m. · 25 views

Review your security vulnerabilities in GitHub with code scanning alerts

Today, for GitHub repositories, our SAST analysis provides fast, precise security feedback directly inside your pull requests. You instantly know how many vulnerabilities are detected and, until now, you would systematically go to SonarCloud to start investigating. Not anymore. From this point...

7.6 AI score
Exploits 0
SonarSource Blog
added 2022/01/18 12:0 a.m. · 40 views

Don't be afraid of XXE vulnerabilities: understand the beast and how to detect them

Today XML External Entities (XXE) vulnerabilities are still ubiquitous, despite the fact that recommendations to protect against them have been an integral part of security standards for years. In this post, the first in a series of three blog posts, we will try to demystify XXE vulnerabilities and...

5 CVSS · 7.4 AI score · 0.89975 EPSS
Exploits 20
SonarSource Blog
added 2021/10/21 12:0 a.m. · 13 views

Meet the new project experience for SonarCloud

We are very pleased to announce that we have released a new project experience. It’s now available in SonarCloud for all users. You’ll notice a few improvements the next time you open SonarCloud. We’re going to tell you more about what this makeover is about in this article. You may be wondering...

7.4 AI score
Exploits 0
SonarSource Blog
added 2021/09/14 12:0 a.m. · 7 views

Product portals open: we want your input

SonarSource was born from open source software and most of what we do remains FLOSS, so openness and transparency have always been fundamental principles. With a recent change in how we approach product management, we've gone even further. We've recently opened up product portals on Productboard...

Exploits 0
SonarSource Blog
added 2021/07/06 12:0 a.m. · 11 views

Know where your project stands with the new project overview!

In late April, I introduced the new project experience for SonarCloud, which has already been adopted by a lot of you. Today, we’re adding a brand new project overview page! We can’t wait for you to try it! Let’s discover what’s inside in this blog. Your project status & activity all in one place...

7.2 AI score
Exploits 0
seebug.org
added 2021/04/28 12:0 a.m. · 210 views

WordPress 5.7 authenticated XXE vulnerability (CVE-2021-29447)

WordPress 5.7 XXE Vulnerability. By Karim El Ouerghemmi | April 26, 2021. At SonarSource, we are constantly improving our code analyzers and security rules. We recently improved our PHP security engine to detect more OWASP Top 10 and CWE Top 25 issue types. When testing our new analyzers against some...

4 CVSS · 7 AI score · 0.89975 EPSS
Exploits 20