5 matches found
Malicious code in prettier-lint-lenz (npm)
Source: amazon-inspector 28f7035dda69170600724a31f4b3543e02ac23c9153f3a62c35f2ee5264eef44 Package impersonates the popular prettier formatter — README and description are copied verbatim from the real Prettier project, but the package ship...
EUVD-2023-26544
Malicious code in bioql PyPI...
SonarQube operating system command injection vulnerability
SonarQube is a code inspection tool from Sonar Open Source. An operating system command injection vulnerability exists in SonarQube versions 4.0.0 up to but not including 6.0.0, which stems from a failure to properly validate user input on the Windows runner and could lead to arbitrary command execution...
CVE-2023-22381 Code injection in GitHub Enterprise Server leading to arbitrary environment variables in GitHub Actions
A code injection vulnerability was identified in GitHub Enterprise Server that allowed setting arbitrary environment variables from a single environment variable value in GitHub Actions when using a Windows-based runner. To exploit this vulnerability, an attacker would need existing permission to...
PT-2020-13488 · Gitlab · Gitlab Runner +1
Name of the Vulnerable Software and Affected Versions: Gitlab runner versions prior to 13.2.4; Gitlab runner versions prior to 13.3.2; Gitlab runner versions prior to 13.4.1. Description: A command injection issue was discovered. When the runner is configured on a Windows system with a docker...