167 matches found
PT-2024-31779 · Arduino · Arduino-Esp32
Name of the Vulnerable Software and Affected Versions: arduino-esp32 (affected versions not specified). Description: The issue concerns multiple Poisoned Pipeline Execution (PPE) vulnerabilities in the arduino-esp32 CI, including code injection in the tests results.yml workflow and environment variabl...
Apache Mod_cgi Bash Environment Variable Injection (Shellshock) Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache modcgi Bash Environment Variable Injection Shellshock Scanner', 'Description' = %q This module scans for the Shellshock vulnerability, a...
CVE-2024-42370
Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. In versions 2.10.0 and prior, Litestar's docs-preview.yml workflow is vulnerable to Environment Variable injection which may lead to secret exfiltration and repository manipulation. This issue grants a malicious actor the...
Litestar Security Vulnerability
Litestar is a powerful, flexible but stubborn ASGI framework open-sourced by Litestar. A security vulnerability exists in Litestar version 2.10.0 and prior versions that stems from vulnerability to environment variable injection attacks, leading to confidentiality disclosure and repository...
Withdrawn Advisory: Litestar has an environment Variable injection in `docs-preview.yml` workflow
Withdrawn Advisory This advisory has been withdrawn because the confidentiality, integrity, and availability impacts of the vulnerability affect Litestar's CI/CD environment rather than the litestar package. While the information in the advisory is still valid, users of the litestar package are n...
GHSA-4HQ2-RPGC-R8R7 Withdrawn Advisory: Litestar has an environment Variable injection in `docs-preview.yml` workflow
Withdrawn Advisory This advisory has been withdrawn because the confidentiality, integrity, and availability impacts of the vulnerability affect Litestar's CI/CD environment rather than the litestar package. While the information in the advisory is still valid, users of the litestar package are n...
CVE-2024-42370
Litestar (versions 2.10.0 and earlier) is affected by an environment variable injection flaw in the docs-preview.yml workflow. A crafted artifact can be introduced via the workflow’s artifact handling, potentially exposing DOCS_PREVIEW_DEPLOY_TOKEN and granting the attacker permissions to write i...
CVE-2024-42370 Litestar repository vulnerable to Environment Variable injection in `docs-preview.yml` workflow
Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. In versions 2.10.0 and prior, Litestar's docs-preview.yml workflow is vulnerable to Environment Variable injection which may lead to secret exfiltration and repository manipulation. This issue grants a malicious actor the...
Nginx SSI Variable Injection
The scanner has detected in the installed Nginx instance that a user input is being treated as an nginx variable. This could potentially leak useful information about the server installation to a remote, unauthenticated attacker. No source data...
CVE-2020-15228 Environment Variable Injection in GitHub Actions
In the @actions/core npm module before version 1.2.6, addPath and exportVariable functions communicate with the Actions Runner over stdout by generating a string in a specific format. Workflows that log untrusted data to stdout may invoke these commands, resulting in the path or environment...
GHSA-MFWH-5M23-J46W Environment Variable Injection in GitHub Actions
Impact The @actions/core npm module addPath and exportVariable functions communicate with the Actions Runner over stdout by generating a string in a specific format. Workflows that log untrusted data to stdout may invoke these commands, resulting in the path or environment variables being modifie...
Qmail SMTP 1.03 - Bash Environment Variable Injection
Exploit Title: Qmail SMTP 1.03 - Bash Environment Variable Injection Date: 2020-07-03 Exploit Author: 1F98D Original Authors: Mario Ledo, Mario Ledo, Gabriel Follon Version: Qmail 1.03 Tested on: Debian 9.11 x64 CVE: CVE-2014-6271 References: http://seclists.org/oss-sec/2014/q3/649...
CVE-2019-12997
CVE-2019-12997 affects Loopchain up to version 2.2.1.3. The issue is a privilege-escalation via environment manipulation, specifically injection in the DEFAULT_SCORE_HOST environment variable, enabling a low-privilege shell user to escalate privileges. The vulnerability is described with high-sev...
Environment Variable Injection in extension "Amazon AWS S3 FAL driver (CDN)" (aus_driver_amazon_s3)
The extension uses an old version of the third party library guzzlehttp/guzzle, which is known to be vulnerable against the HTTPOXY attack. Read or for further details...
SUSE SLED12 / SLES12 Security Update : zsh (SUSE-SU-2018:1072-1)
This update for zsh fixes the following issues: - CVE-2014-10070: environment variable injection could lead to local privilege escalation bnc1082885 - CVE-2014-10071: buffer overflow in exec.c could lead to denial of service. bnc1082977 - CVE-2014-10072: buffer overflow in utils.c when scanning...
Cross-site Scripting (XSS)
Apache Deltaspike is vulnerable to cross-site scripting (XSS). The application does not properly escape the windowId variable, allowing a malicious user to inject and execute arbitrary JavaScript. The impact is limited because the size of the variable is cut off after 10 characters...
CVE-2017-11142
In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remote attackers could cause a CPU consumption denial of service attack by injecting long form variables, related to main/phpvariables.c...
TYPO3 Environment Variable Injection Vulnerability (Jul 2016)
TYPO3 is prone to an environment variable injection vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:typo3:typo3";...