GHSA-P6X5-P4XF-CC4R Remote Code Execution (RCE) via String Literal Injection into math-codegen
Impact: String literal content passed to cg.parse is injected verbatim into a new Function body without sanitization. This allows an attacker to execute arbitrary system commands when user-controlled input reaches the parser. Any application exposing a math evaluation endpoint where user input flo...
Authorization Bypass Through User-Controlled Key
Overview: studiocms is a community-driven, Astro-native CMS, built from the ground up by the Astro community. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the updateUserNotifications handler in...
PT-2023-19085 · Go-Unixfs · Go-Unixfs
Name of the Vulnerable Software and Affected Versions: go-unixfs versions prior to 0.4.3. Description: The issue is caused by trying to read malformed HAMT sharded directories, which can lead to panics and virtual memory leaks. If untrusted user input is being read, an attacker can trigger a panic...