Lucene search

163 matches found

GitHub Security Blog
added 2024/08/09 7:22 p.m., 12 views

Withdrawn Advisory: Litestar has an environment Variable injection in `docs-preview.yml` workflow

Withdrawn Advisory This advisory has been withdrawn because the confidentiality, integrity, and availability impacts of the vulnerability affect Litestar's CI/CD environment rather than the litestar package. While the information in the advisory is still valid, users of the litestar package are n...

8.3 CVSS, 8.5 AI score, 0.00614 EPSS
Exploits: 0, References: 6, Affected Software: 1

OSV
added 2024/08/09 7:22 p.m., 9 views

GHSA-4HQ2-RPGC-R8R7 Withdrawn Advisory: Litestar has an environment Variable injection in `docs-preview.yml` workflow

Withdrawn Advisory This advisory has been withdrawn because the confidentiality, integrity, and availability impacts of the vulnerability affect Litestar's CI/CD environment rather than the litestar package. While the information in the advisory is still valid, users of the litestar package are n...

8.3 CVSS, 8.5 AI score, 0.00614 EPSS
Exploits: 0, References: 6

Cvelist
added 2024/08/09 6:29 p.m., 14 views

CVE-2024-42370 Litestar repository vulnerable to Environment Variable injection in `docs-preview.yml` workflow

Litestar is an Asynchronous Server Gateway Interface ASGI framework. In versions 2.10.0 and prior, Litestar's docs-preview.yml workflow is vulnerable to Environment Variable injection which may lead to secret exfiltration and repository manipulation. This issue grants a malicious actor the...

8.3 CVSS, 0.00614 EPSS
Exploits: 0, References: 4

CVE
added 2024/08/09 6:29 p.m., 39 views

CVE-2024-42370

Litestar (versions 2.10.0 and earlier) is affected by an environment variable injection flaw in the docs-preview.yml workflow. A crafted artifact can be introduced via the workflow’s artifact handling, potentially exposing DOCS_PREVIEW_DEPLOY_TOKEN and granting the attacker permissions to write i...

8.3 CVSS, 8.4 AI score, 0.00614 EPSS
Exploits: 0, References: 4

Vulnrichment
added 2024/08/09 6:29 p.m., 14 views

CVE-2024-42370 Litestar repository vulnerable to Environment Variable injection in `docs-preview.yml` workflow

Litestar is an Asynchronous Server Gateway Interface ASGI framework. In versions 2.10.0 and prior, Litestar's docs-preview.yml workflow is vulnerable to Environment Variable injection which may lead to secret exfiltration and repository manipulation. This issue grants a malicious actor the...

8.3 CVSS, 8.3 AI score, 0.00614 EPSS
Exploits: 0, References: 4

OSV
added 2024/08/09 6:29 p.m., 10 views

CVE-2024-42370 Litestar repository vulnerable to Environment Variable injection in `docs-preview.yml` workflow

Litestar is an Asynchronous Server Gateway Interface ASGI framework. In versions 2.10.0 and prior, Litestar's docs-preview.yml workflow is vulnerable to Environment Variable injection which may lead to secret exfiltration and repository manipulation. This issue grants a malicious actor the...

8.3 CVSS, 7 AI score, 0.00614 EPSS
Exploits: 0, References: 6

Tenable Nessus
added 2023/03/08 12:0 a.m., 66 views

Nginx SSI Variable Injection

The scanner has detected in the installed Nginx instance that a user input is being treated as an nginx variable. This could potentially leak useful information about the server installation to a remote, unauthenticated attacker. No source data...

7 AI score
Exploits: 0, References: 2

Cvelist
added 2020/10/01 5:25 p.m., 22 views

CVE-2020-15228 Environment Variable Injection in GitHub Actions

In the @actions/core npm module before version 1.2.6, addPath and exportVariable functions communicate with the Actions Runner over stdout by generating a string in a specific format. Workflows that log untrusted data to stdout may invoke these commands, resulting in the path or environment...

3.5 CVSS, 5.6 AI score, 0.01438 EPSS
Exploits: 2, References: 2

OSV
added 2020/10/01 5:16 p.m., 15 views

GHSA-MFWH-5M23-J46W Environment Variable Injection in GitHub Actions

Impact The @actions/core npm module addPath and exportVariable functions communicate with the Actions Runner over stdout by generating a string in a specific format. Workflows that log untrusted data to stdout may invoke these commands, resulting in the path or environment variables being modifie...

3.5 CVSS, 5.4 AI score, 0.01438 EPSS
Exploits: 2, References: 4

Exploit DB
added 2020/07/08 12:0 a.m., 213 views

Qmail SMTP 1.03 - Bash Environment Variable Injection

Exploit Title: Qmail SMTP 1.03 - Bash Environment Variable Injection Date: 2020-07-03 Exploit Author: 1F98D Original Authors: Mario Ledo, Mario Ledo, Gabriel Follon Version: Qmail 1.03 Tested on: Debian 9.11 x64 CVE: CVE-2014-6271 References: http://seclists.org/oss-sec/2014/q3/649...

10 CVSS, 7 AI score, 0.99999 EPSS
Exploits: 130

CVE
added 2019/06/28 10:28 a.m., 62 views

CVE-2019-12997

CVE-2019-12997 affects Loopchain up to version 2.2.1.3. The issue is a privilege-escalation via environment manipulation, specifically injection in the DEFAULT_SCORE_HOST environment variable, enabling a low-privilege shell user to escalate privileges. The vulnerability is described with high-sev...

9 CVSS, 8.9 AI score, 0.02077 EPSS
Exploits: 1, References: 1, Affected Software: 1

Typo3
added 2018/08/09 12:0 a.m., 103 views

Environment Variable Injection in extension "Amazon AWS S3 FAL driver (CDN)" (aus_driver_amazon_s3)

The extension uses an old version of the third party library guzzlehttp/guzzle, which is known to be vulnerable against the HTTPOXY attack. Read or for further details...

5.1 CVSS, 3.5 AI score, 0.50427 EPSS
Exploits: 0, Affected Software: 1

Tenable Nessus
added 2018/04/26 12:0 a.m., 40 views

SUSE SLED12 / SLES12 Security Update : zsh (SUSE-SU-2018:1072-1)

This update for zsh fixes the following issues : - CVE-2014-10070: environment variable injection could lead to local privilege escalation bnc1082885 - CVE-2014-10071: buffer overflow in exec.c could lead to denial of service. bnc1082977 - CVE-2014-10072: buffer overflow In utils.c when scanning...

9.8 CVSS, 7.1 AI score, 0.03162 EPSS
Exploits: 0, References: 29

Veracode
added 2018/01/05 8:28 a.m., 15 views

Cross-site Scripting (XSS)

Apache Deltaspike is vulnerable to cross-site scripting XSS. The application does not properly escape the windowId variable, allowing a malicious user to inject and execute arbitrary Javascript. The impact is limited because the size of the variable is cut off after 10 characters...

6.1 CVSS, 6.2 AI score, 0.04471 EPSS
Exploits: 1, References: 7, Affected Software: 2

UbuntuCve
added 2017/07/10 2:29 p.m., 80 views

CVE-2017-11142

In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remote attackers could cause a CPU consumption denial of service attack by injecting long form variables, related to main/phpvariables.c...

7.8 CVSS, 6.8 AI score, 0.08255 EPSS
Exploits: 0, References: 4

OpenVAS
added 2016/07/27 12:0 a.m., 39 views

TYPO3 Environment Variable Injection Vulnerability (Jul 2016)

TYPO3 is prone to an environment variable injection vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:typo3:typo3";...

8.1 CVSS, 8.4 AI score, 0.50427 EPSS
Exploits: 0, References: 2

Typo3
added 2016/07/19 12:0 a.m., 631 views

Environment Variable Injection

It has been discovered, that PHP exposes the risk of Environment Variable Injection and TYPO3 is vulnerable through third party library guzzlehttp/guzzle Component Type: TYPO3 CMS Release Date: July 19, 2016 Vulnerability Type: Environment Variable Injection Affected Versions: Versions 8.0.0 to...

5.1 CVSS, 0.6 AI score, 0.50427 EPSS
Exploits: 0, Affected Software: 1

OSV
added 2015/12/21 7:6 p.m., 6 views

SUSE-SU-2015:2337-1 Security update for rubygem-passenger

This update for rubygem-passenger fixes the following issues: - CVE-2015-7519: rubygem-passenger was not filtering the environment like apache is doing, allowing injection of environment variables bsc956281...

4.3 CVSS, 4.4 AI score, 0.02364 EPSS
Exploits: 0, References: 3

Tenable Nessus
added 2014/10/06 12:0 a.m., 59 views

GLSA-201409-09 : Bash: Code Injection (Shellshock)

The remote host is affected by the vulnerability described in GLSA-201409-09 Bash: Code Injection Stephane Chazelas reported that Bash incorrectly handles function definitions, allowing attackers to inject arbitrary code. Impact : A remote attacker could exploit this vulnerability to execute...

10 CVSS, 8.9 AI score, 0.99999 EPSS
Exploits: 130, References: 2

RedHat Linux
added 2014/10/02 6:40 p.m., 3 views

bash: code execution via specially-crafted environment (Incomplete fix for CVE-2014-6271)

It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell...

10 CVSS, 7.4 AI score, 0.99999 EPSS
Exploits: 139, References: 6