@braneframe/plugin-github (>=0.1.53-main.0b45885 <=0.6.7-staging.e9eb1ed), @dxos/plugin-github (>=0.6.8 <=0.7.4-staging.f7e8224) +26 more potentially affected by CVE-2020-8203 via lodash.update (=4.10.2)

lodash.update NPM version =4.10.2 is affected by a known vulnerability. The following packages have a transitive dependency on lodash.update and may be impacted: - @braneframe/plugin-github =0.1.53-main.0b45885, =0.6.8, =0.2.19, =0.0.1, =5.5.0, =22.1.0, =5.2.0, =4.0.0, =1.0.0, =1.12.0, =1.0.0,...

PT-2013-1881 · Rpm · Rpm

Name of the Vulnerable Software and Affected Versions: RPM versions 4.10.x through 4.10.1 Description: The issue concerns the rpmpkgRead function in lib/package.c, which fails to return an error code when encountering an "unparseable signature" in certain situations. This allows remote attackers ...