28 matches found
EUVD-2021-34852
Parse Server before 4.10.0 contains a supply chain vulnerability where incorrect version tags were pushed to the repository linking to unreviewed code in a personal fork. Attackers could exploit this by specifying affected version tags in dependency declarations to execute unreviewed and...
EUVD-2021-34853
Parse Server before 4.10.0 was affected by a supply chain incident in which incorrect version tags were pushed to the official repository pointing to an unreviewed personal fork of a contributor with write access. No releases were published with these tags; a project was exposed only if it define...
CVE-2021-47986
Parse Server before 4.10.0 contains a supply chain vulnerability where incorrect version tags were pushed to the repository linking to unreviewed code in a personal fork. Attackers could exploit this by specifying affected version tags in dependency declarations to execute unreviewed and...
CVE-2021-47987
Parse Server before 4.10.0 was affected by a supply chain incident in which incorrect version tags were pushed to the official repository, pointing to an unreviewed personal fork with write access. No releases were published with these tags; a project exposing a vulnerability would require a git-...
CVE-2021-47987
Parse Server before 4.10.0 was affected by a supply chain incident in which incorrect version tags were pushed to the official repository pointing to an unreviewed personal fork of a contributor with write access. No releases were published with these tags; a project was exposed only if it define...
CVE-2021-47986 Parse Server - Unreviewed Code Execution via Malicious Version Tags
Parse Server before 4.10.0 contains a supply chain vulnerability where incorrect version tags were pushed to the repository linking to unreviewed code in a personal fork. Attackers could exploit this by specifying affected version tags in dependency declarations to execute unreviewed and...
CVE-2021-47986
Parse Server exposes a supply-chain vulnerability affecting all versions before 4.10.0 where incorrect version tags were pushed to the repository, linking to unreviewed code in a personal fork. Attackers could specify affected version tags in dependency declarations to execute unreviewed and pote...
PT-2026-52608
Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 4.10.0 Description A supply chain incident occurred where incorrect version tags were pushed to the official repository. These tags pointed to an unreviewed personal fork of a contributor who had write access...
PT-2026-52607
Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 4.10.0 Description A supply chain issue exists where incorrect version tags were pushed to the repository, linking to unreviewed code from a personal fork. This allows attackers to execute unreviewed and...
BIT-GOLANG-2022-23773
cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags...
golang: cmd/go: misinterpretation of branch names can lead to incorrect access control
A flaw was found in the go package of the cmd library in golang. The go command could be tricked into accepting a branch, which resembles a version tag. This issue could allow a remote unauthenticated attacker to bypass security restrictions and introduce invalid or incorrect tags, reducing the...
golang: cmd/go: misinterpretation of branch names can lead to incorrect access control
A flaw was found in the go package of the cmd library in golang. The go command could be tricked into accepting a branch, which resembles a version tag. This issue could allow a remote unauthenticated attacker to bypass security restrictions and introduce invalid or incorrect tags, reducing the...
golang: cmd/go: misinterpretation of branch names can lead to incorrect access control
A flaw was found in the go package of the cmd library in golang. The go command could be tricked into accepting a branch, which resembles a version tag. This issue could allow a remote unauthenticated attacker to bypass security restrictions and introduce invalid or incorrect tags, reducing the...
golang: cmd/go: misinterpretation of branch names can lead to incorrect access control
A flaw was found in the go package of the cmd library in golang. The go command could be tricked into accepting a branch, which resembles a version tag. This issue could allow a remote unauthenticated attacker to bypass security restrictions and introduce invalid or incorrect tags, reducing the...
FreeBSD : go -- multiple vulnerabilities (096ab080-907c-11ec-bb14-002324b2fba8)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 096ab080-907c-11ec-bb14-002324b2fba8 advisory. - Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that...
CVE-2022-23773
cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags...
CVE-2022-23773
cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags...
Design/Logic Flaw
cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags...
CVE-2022-23773
cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags...
CVE-2022-23773
cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags...