14 matches found
EUVD-2021-19567
Malware in sbrugna...
EUVD-2024-1644
Malicious code in bioql PyPI...
GO-2022-0787 Symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations in dbdeployer in github.com/datacharmer/dbdeployer
Symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations in dbdeployer in github.com/datacharmer/dbdeployer...
dotmesh arbitrary file read and/or write
Dotmesh is a git-like command-line interface for capturing, organizing and sharing application states. In versions 0.8.1 and prior, the unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the designated target...
CVE-2020-26312
Dotmesh is a git-like command-line interface for capturing, organizing and sharing application states. In versions 0.8.1 and prior, the unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the designated target...
CVE-2020-26312 GHSL-2020-254: Arbitrary file read and/or write in dotmesh
Dotmesh is a git-like command-line interface for capturing, organizing and sharing application states. In versions 0.8.1 and prior, the unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the designated target...
CVE-2020-26312
CVE-2020-26312 affects Dotmesh (versions 0.8.1 and prior) and stems from unsafe handling of symbolic links in the unpacking routine. The untarFile flow can be manipulated by a malicious tarball to create a symlink chain that escapes the target directory, enabling arbitrary file read and/or write ...
Arbitrary File Read
github.com/dotmesh-io/dotmesh is vulnerable to Arbitrary File Read. The vulnerability is due to the unsafe handling of symbolic links in an unpacking routine, allowing attackers to read and/or write to arbitrary locations outside the designated target folder...
Dotmesh security vulnerability
Dotmesh is a git-like CLI open-sourced by Dotscience for capturing, organizing and sharing application state. A security vulnerability exists in Dotmesh 0.8.1 and earlier versions, which stems from the insecure handling of symbolic links in the unpacking routine, and could allow an attacker to re...
Remote code execution
In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an attacker can supply a malicious configuration file by utilizing a Zip Slip vulnerability in the unpacking routine to achieve remote code execution...
GHSA-47WR-426J-FR82 Symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations in dbdeployer
Impact Users unpacking a tarball through dbdeployer may use a maliciously packaged tarball that contains symlinks to files external to the target. In such a scenario, an attacker could induce dbdeployer to write into a system file, thus altering the computer defences. Mitigating factors For the...
Design/Logic Flaw
bblfshd is an open source self-hosted server for source code parsing. In bblfshd before commit 4265465b9b6fb5663c30ee43806126012066aad4 there is a "zipslip" vulnerability. The unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary location...
Symlink Attack
github.com/datacharmer/dbdeployer is vulnerable to a symlink attack. The unsafe handling of symbolic links in the unpacking routine allows an attacker to read and write to arbitrary locations outside of the designated target folder...
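The dotmesh, dbdeployer and bblfshd entries above all describe the same flaw in a Go tar-unpacking routine: the archive first plants a symlink, then a later entry writes through it, and a purely lexical check on each path never notices. The following is an added example, not code from any of those projects, of an extractor entry handler that refuses both the plain `../` case and the symlink chain, together with constructed archive entries that reproduce the chain. The function and variable names (`unpackEntry`, `ensureDir`, `within`, `runEntries`, the `benign`, `traversal` and `chain` header lists) are mine; the entries are constructed for the demonstration.

```go
package main

import (
	"archive/tar"
	"errors"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
)

// ErrEscape means an entry would read from or write to a location outside the target directory.
var ErrEscape = errors.New("archive entry escapes target directory")
func within(root, p string) bool { // lexical containment: p is at or below root
	rel, err := filepath.Rel(root, p)
	return err == nil && rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}
// ensureDir creates dir (already lexically below root) one component at a time. A symlink met on the
// way is resolved on disk and rejected if it leaves root: lexical ".." cleaning after a symlink is wrong.
func ensureDir(root, dir string) error {
	rel, _ := filepath.Rel(root, dir)
	cur := root
	for _, part := range strings.Split(rel, string(filepath.Separator)) {
		cur = filepath.Join(cur, part)
		fi, err := os.Lstat(cur)
		if errors.Is(err, os.ErrNotExist) {
			err = os.Mkdir(cur, 0o755)
		} else if err == nil && fi.Mode()&os.ModeSymlink != 0 {
			if cur, err = filepath.EvalSymlinks(cur); err == nil && !within(root, cur) {
				return ErrEscape
			}
		}
		if err != nil {
			return err
		}
	}
	return nil
}

// unpackEntry writes one archive entry below the absolute directory root; a caller loops over
// tar.Reader.Next and passes the reader as body. Refused: absolute names, ".." escapes, symlink
// targets that leave root, and any write that would pass through a symlink leaving root.
func unpackEntry(root string, hdr *tar.Header, body io.Reader) error {
	root, err := filepath.EvalSymlinks(root) // compare against the real root, not a path to it
	if err != nil {
		return err
	}
	dst := filepath.Join(root, hdr.Name) // Join cleans, so ".." in the name is applied lexically here
	if filepath.IsAbs(hdr.Name) || !within(root, dst) {
		return ErrEscape
	}
	if hdr.Typeflag == tar.TypeDir {
		return ensureDir(root, dst)
	}
	if err := ensureDir(root, filepath.Dir(dst)); err != nil {
		return err
	}
	if hdr.Typeflag == tar.TypeSymlink { // lexical target check: necessary, but bypassable on its own
		if filepath.IsAbs(hdr.Linkname) || !within(root, filepath.Join(filepath.Dir(dst), hdr.Linkname)) {
			return ErrEscape
		}
		return os.Symlink(hdr.Linkname, dst)
	}
	if hdr.Typeflag != tar.TypeReg { // hard links, devices, etc. need their own checks: refuse, don't guess
		return fmt.Errorf("entry %q: unsupported type %v", hdr.Name, hdr.Typeflag)
	}
	os.Remove(dst) // unlink first, then O_EXCL: the file is created fresh, never opened through a symlink
	f, err := os.OpenFile(dst, os.O_WRONLY|os.O_CREATE|os.O_EXCL, os.FileMode(hdr.Mode)&0o777)
	if err == nil {
		defer f.Close()
		_, err = io.Copy(f, body) // a tar.Reader body is already bounded to hdr.Size
	}
	return err
}

// Constructed entries (not from any listed project). Every link target in chain passes the lexical check.
var (
	benign    = []*tar.Header{{Name: "d/hi.txt", Typeflag: tar.TypeReg, Mode: 0o644}, {Name: "d/link", Typeflag: tar.TypeSymlink, Linkname: "hi.txt"}}
	traversal = []*tar.Header{{Name: "../evil.txt", Typeflag: tar.TypeReg, Mode: 0o644}}
	chain     = []*tar.Header{
		{Name: "d/l", Typeflag: tar.TypeSymlink, Linkname: ".."},   // d/.. is root, lexically and on disk
		{Name: "m", Typeflag: tar.TypeSymlink, Linkname: "d/l/.."}, // lexically root/d, on disk root/.. (the parent)
		{Name: "m/owned.txt", Typeflag: tar.TypeReg, Mode: 0o644},  // would follow m out of root
	}
)

// runEntries unpacks hdrs into <tmp>/root with body as file content; leaked means something landed in <tmp>.
func runEntries(hdrs []*tar.Header, body string) (leaked bool, err error) {
	outer, err := os.MkdirTemp("", "unpack-")
	if err == nil {
		defer os.RemoveAll(outer)
		err = os.Mkdir(filepath.Join(outer, "root"), 0o755)
	}
	for root := filepath.Join(outer, "root"); err == nil && len(hdrs) > 0; hdrs = hdrs[1:] {
		err = unpackEntry(root, hdrs[0], strings.NewReader(body))
	}
	names, _ := os.ReadDir(outer)
	return len(names) != 1, err
}
func main() { fmt.Println(runEntries(chain, "pwned")) }
```

Running it prints `false archive entry escapes target directory`: the first two chain entries are created (each target is inside root lexically), and the third is refused because `ensureDir` resolves `m` on disk to the parent of root before anything is written. Two caveats: the check is not atomic, so an attacker who can modify the target tree concurrently can still race it (extract into a directory nobody else can write); and on Go 1.24 and later the standard library's `os.Root` (`os.OpenRoot`, `Root.Create`, `Root.Mkdir`) performs this containment at the OS level and is the better foundation for new code.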