28 matches found

EUVD
added 6 days ago, 6 views

EUVD-2021-34852

Parse Server before 4.10.0 contains a supply chain vulnerability where incorrect version tags were pushed to the repository linking to unreviewed code in a personal fork. Attackers could exploit this by specifying affected version tags in dependency declarations to execute unreviewed and...

CVSS: 7.7, AI score: 6, EPSS: 0.0012
Exploits: 0, References: 3

EUVD
added 6 days ago, 4 views

EUVD-2021-34853

Parse Server before 4.10.0 was affected by a supply chain incident in which incorrect version tags were pushed to the official repository pointing to an unreviewed personal fork of a contributor with write access. No releases were published with these tags; a project was exposed only if it define...

CVSS: 7.7, AI score: 5.9, EPSS: 0.0012
Exploits: 0, References: 3

NVD
added last week, 7 views

CVE-2021-47986

Parse Server before 4.10.0 contains a supply chain vulnerability where incorrect version tags were pushed to the repository linking to unreviewed code in a personal fork. Attackers could exploit this by specifying affected version tags in dependency declarations to execute unreviewed and...

CVSS: 7.7, EPSS: 0.0012
Exploits: 0, References: 2

CVE
added last week, 10 views

CVE-2021-47987

Parse Server before 4.10.0 was affected by a supply chain incident in which incorrect version tags were pushed to the official repository, pointing to an unreviewed personal fork with write access. No releases were published with these tags; a project exposing a vulnerability would require a git-...

CVSS: 7.7, AI score: 5.9, EPSS: 0.0012
Exploits: 0, References: 2

ATTACKERKB
added last week, 11 views

CVE-2021-47987

Parse Server before 4.10.0 was affected by a supply chain incident in which incorrect version tags were pushed to the official repository pointing to an unreviewed personal fork of a contributor with write access. No releases were published with these tags; a project was exposed only if it define...

CVSS: 7.7, AI score: 5.9, EPSS: 0.0012
Exploits: 0, References: 3

Cvelist
added last week, 18 views

CVE-2021-47986 Parse Server - Unreviewed Code Execution via Malicious Version Tags

Parse Server before 4.10.0 contains a supply chain vulnerability where incorrect version tags were pushed to the repository linking to unreviewed code in a personal fork. Attackers could exploit this by specifying affected version tags in dependency declarations to execute unreviewed and...

CVSS: 7.7, EPSS: 0.0012
Exploits: 0, References: 2

CVE
added last week, 9 views

CVE-2021-47986

Parse Server exposes a supply-chain vulnerability affecting all versions before 4.10.0 where incorrect version tags were pushed to the repository, linking to unreviewed code in a personal fork. Attackers could specify affected version tags in dependency declarations to execute unreviewed and pote...

CVSS: 7.7, AI score: 6, EPSS: 0.0012
Exploits: 0, References: 2

Positive Technologies
added 2026/06/25 12:0 a.m., 9 views

PT-2026-52608

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 4.10.0 Description A supply chain incident occurred where incorrect version tags were pushed to the official repository. These tags pointed to an unreviewed personal fork of a contributor who had write access...

CVSS: 7.7, AI score: 5.8, EPSS: 0.0012
Exploits: 0, References: 5

Positive Technologies
added 2026/06/25 12:0 a.m., 6 views

PT-2026-52607

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 4.10.0 Description A supply chain issue exists where incorrect version tags were pushed to the repository, linking to unreviewed code from a personal fork. This allows attackers to execute unreviewed and...

CVSS: 7.7, AI score: 5.9, EPSS: 0.0012
Exploits: 0, References: 5

OSV
added 2024/03/06 11:2 a.m., 28 views

BIT-GOLANG-2022-23773

cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags...

CVSS: 7.5, AI score: 8.4, EPSS: 0.02698
Exploits: 0, References: 5

RedHat Linux
added 2022/08/10 10:13 a.m., 4 views

golang: cmd/go: misinterpretation of branch names can lead to incorrect access control

A flaw was found in the go package of the cmd library in golang. The go command could be tricked into accepting a branch, which resembles a version tag. This issue could allow a remote unauthenticated attacker to bypass security restrictions and introduce invalid or incorrect tags, reducing the...

CVSS: 7.5, AI score: 7.1, EPSS: 0.02698
Exploits: 0, References: 5

RedHat Linux
added 2022/06/13 12:34 p.m., 3 views

golang: cmd/go: misinterpretation of branch names can lead to incorrect access control

A flaw was found in the go package of the cmd library in golang. The go command could be tricked into accepting a branch, which resembles a version tag. This issue could allow a remote unauthenticated attacker to bypass security restrictions and introduce invalid or incorrect tags, reducing the...

CVSS: 7.5, AI score: 7.1, EPSS: 0.02698
Exploits: 0, References: 5

RedHat Linux
added 2022/06/01 11:48 a.m., 3 views

golang: cmd/go: misinterpretation of branch names can lead to incorrect access control

A flaw was found in the go package of the cmd library in golang. The go command could be tricked into accepting a branch, which resembles a version tag. This issue could allow a remote unauthenticated attacker to bypass security restrictions and introduce invalid or incorrect tags, reducing the...

CVSS: 7.5, AI score: 7.1, EPSS: 0.02698
Exploits: 0, References: 5

RedHat Linux
added 2022/05/10 2:2 p.m., 2 views

golang: cmd/go: misinterpretation of branch names can lead to incorrect access control

A flaw was found in the go package of the cmd library in golang. The go command could be tricked into accepting a branch, which resembles a version tag. This issue could allow a remote unauthenticated attacker to bypass security restrictions and introduce invalid or incorrect tags, reducing the...

CVSS: 7.5, AI score: 7.1, EPSS: 0.02698
Exploits: 0, References: 5

Tenable Nessus
added 2022/02/18 12:0 a.m., 42 views

FreeBSD : go -- multiple vulnerabilities (096ab080-907c-11ec-bb14-002324b2fba8)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 096ab080-907c-11ec-bb14-002324b2fba8 advisory. - Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that...

CVSS: 9.1, AI score: 8, EPSS: 0.03015
Exploits: 0, References: 7

OSV
added 2022/02/11 1:15 a.m., 28 views

CVE-2022-23773

cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags...

CVSS: 7.5, AI score: 6.5
Exploits: 0, References: 4

NVD
added 2022/02/11 1:15 a.m., 27 views

CVE-2022-23773

cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags...

CVSS: 7.5, EPSS: 0.02698
Exploits: 0, References: 4

Prion
added 2022/02/11 1:15 a.m., 27 views

Design/Logic Flaw

cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags...

CVSS: 5, AI score: 8.1, EPSS: 0.02698
Exploits: 0, References: 4, Affected Software: 1

ATTACKERKB
added 2022/02/11 1:15 a.m., 4 views

CVE-2022-23773

cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags...

CVSS: 7.5, AI score: 7.1, EPSS: 0.02698
Exploits: 0, References: 5

UbuntuCve
added 2022/02/11 1:15 a.m., 52 views

CVE-2022-23773

cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags...

CVSS: 7.5, AI score: 7.1, EPSS: 0.02698
Exploits: 0, References: 2