Lucene search
K
GithubRecent

33225 matches found

Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.13 views

uutils coreutils has an Improper Input Validation Issue in its cut Utility

A logic error in the cut utility of uutils coreutils causes the program to incorrectly interpret the literal two-byte string '' two single quotes as an empty delimiter. The implementation mistakenly maps this string to the NUL character for both the -d delimiter and --output-delimiter options. Th...

5.5CVSS5.5AI score0.00157EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.7 views

uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition

A Time-of-Check to Time-of-Use TOCTOU vulnerability exists in the split utility of uutils coreutils. The program attempts to prevent data loss by checking for identity between input and output files using their file paths before initiating the split operation. However, the utility subsequently...

6.3CVSS5.3AI score0.00074EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.12 views

uutils coreutils has an Incorrect Provision of Specified Functionality Issue

A logic error in the tr utility of uutils coreutils causes the program to incorrectly define the :graph: and :print: character classes. The implementation mistakenly includes the ASCII space character 0x20 in the :graph: class and excludes it from the :print: class, effectively reversing the...

3.3CVSS5.4AI score0.00149EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.11 views

uutils coreutils has an Improper Input Validation Issue in its env Utility

A logic error in the env utility of uutils coreutils causes a failure to correctly parse command-line arguments when utilizing the -S split-string option. In GNU env, backslashes within single quotes are treated literally with the exceptions of \ and '. However, the uutils implementation...

3.3CVSS5.3AI score0.00102EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.9 views

Duplicate Advisory: uutils coreutils has an Incorrect Provision of Specified Functionality Issue in its cut Utility

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-pmfc-4wjj-gmhx. This link is maintained to preserve external references. Original Description A logic error in the cut utility of uutils coreutils causes the utility to ignore the -s only-delimited flag when usi...

3.3CVSS6AI score0.00182EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.9 views

uutils coreutils has an Improper Handling of Unicode Encoding Issue

A logic error in the split utility of uutils coreutils causes the corruption of output filenames when provided with non-UTF-8 prefix or suffix inputs. The implementation utilizes tostringlossy when constructing chunk filenames, which automatically rewrites invalid byte sequences into the UTF-8...

3.3CVSS5.4AI score0.00143EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.7 views

Duplicate Advisory: uutils coreutils has an Incorrect Authorization issue

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-47c7-qrm7-mqw7. This link is maintained to preserve external references. Original Description The id utility in uutils coreutils miscalculates the groups= section of its output. The implementation uses a user's...

4.4CVSS5.9AI score0.00108EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.11 views

Duplicate Advisory: uutils coreutils's User Interface (UI) Misrepresents Critical Information

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xv5w-cw7x-72gj. This link is maintained to preserve external references. Original Description The id utility in uutils coreutils exhibits incorrect behavior in its "pretty print" output when the real UID and...

3.3CVSS5.9AI score0.00123EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.8 views

Duplicate Advisory: uutils coreutils has an Improper Handling of Unicode Encoding Issue

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-jcjr-rh8q-7xqf. This link is maintained to preserve external references. Original Description A logic error in the ln utility of uutils coreutils causes the program to reject source paths containing non-UTF-8...

5.5CVSS5.9AI score0.00121EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.10 views

uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition

A Time-of-Check to Time-of-Use TOCTOU vulnerability exists in the chcon utility of uutils coreutils during recursive operations. The implementation resolves recursive targets using a fresh path lookup via ftsaccpath rather than binding the traversal and label application to the specific directory...

5.8CVSS5.3AI score0.00088EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.8 views

uutils coreutils has a UNIX Symbolic Link (Symlink) Following issue

A logic error in the ln utility of uutils coreutils allows the utility to dereference a symbolic link target even when the --no-dereference or -n flag is explicitly provided. The implementation previously only honored the "no-dereference" intent if the --force overwrite mode was also enabled. Thi...

5CVSS5.2AI score0.00138EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.6 views

Duplicate Advisory: uutils coreutils has an Improper Input Validation issue

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-p6rv-2qpm-fwvg. This link is maintained to preserve external references. Original Description An argument parsing error in the kill utility of uutils coreutils incorrectly interprets kill -1 as a request to send...

5.5CVSS5.8AI score0.00128EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.6 views

Duplicate Advisory: uutils coreutils has a Link Following issue

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-h444-6j9x-p8vh. This link is maintained to preserve external references. Original Description The mv utility in uutils coreutils improperly handles directory trees containing symbolic links during moves across...

6.6CVSS5.9AI score0.00161EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.11 views

uutils coreutils has an Unchecked Return Value Issue

The dd utility in uutils coreutils suppresses errors during file truncation operations by unconditionally calling Result::ok on truncation attempts. While intended to mimic GNU behavior for special files like /dev/null, the uutils implementation also hides failures on regular files and directorie...

3.3CVSS5.4AI score0.00115EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.10 views

uutils coreutils has a Time-of-Check to Time-of-Use (TOCTOU) race condition

A Time-of-Check to Time-of-Use TOCTOU vulnerability exists in the mv utility of uutils coreutils during cross-device moves. The extended attribute xattr preservation logic uses multiple path-based system calls that perform fresh path-to-inode lookups for each operation. A local attacker with writ...

4.7CVSS5.3AI score0.00091EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.8 views

Duplicate Advisory: uutils coreutils has an Improper Preservation of Permissions issue

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-r9hw-mj3w-phcq. This link is maintained to preserve external references. Original Description The mknod utility in uutils coreutils fails to handle security labels atomically by creating device nodes before...

4.4CVSS5.9AI score0.00142EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.7 views

Duplicate Advisory: uutils coreutils Uses Incorrectly-Resolved Name or Reference

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-8vrf-r662-2w2v. This link is maintained to preserve external references. Original Description The cp utility in uutils coreutils, when performing recursive copies -R, incorrectly treats character and block devic...

5.5CVSS5.9AI score0.00177EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.13 views

uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition

The touch utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use TOCTOU race condition during file creation. When the utility identifies a missing path, it later attempts creation using File::create, which internally uses OTRUNC. An attacker can exploit this window to create ...

6.3CVSS5.3AI score0.00104EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.7 views

uutils coreutils doesn't preserve file ownership during moves across different filesystem boundaries

The mv utility in uutils coreutils fails to preserve file ownership during moves across different filesystem boundaries. The utility falls back to a copy-and-delete routine that creates the destination file using the caller's UID/GID rather than the source's metadata. This flaw breaks backups and...

4.2CVSS5.2AI score0.00132EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.7 views

Duplicate Advisory: uutils coreutils has an Issue With its Always-Incorrect Control Flow Implementation

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-wv33-5pxh-r7j7. This link is maintained to preserve external references. Original Description The cut utility in uutils coreutils incorrectly handles the -s only-delimited option when a newline character is...

3.3CVSS5.9AI score0.00135EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.8 views

uutils coreutils has a Link Following issue

A Time-of-Check to Time-of-Use TOCTOU vulnerability in the cp utility of uutils coreutils allows an attacker to bypass no-dereference intent. The utility checks if a source path is a symbolic link using path-based metadata but subsequently opens it without the ONOFOLLOW flag. An attacker with...

4.7CVSS5.6AI score0.00105EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.9 views

Duplicate Advisory: uutils coreutils has a Link Following Issue Via rm Utility

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-7cr3-h577-g38j. This link is maintained to preserve external references. Original Description A vulnerability in the rm utility of uutils coreutils allows a bypass of the --preserve-root protection. The...

7.7CVSS5.9AI score0.00184EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.9 views

Duplicate Advisory: coreutils' comm utility silently corrupts data by performing lossy UTF-8 conversion on all output lines

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6gcw-w7cp-94g9. This link is maintained to preserve external references. Original Description The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines...

3.3CVSS5.9AI score0.00176EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.7 views

uutils coreutils has an Incorrect Permission Assignment for Critical Resource

The nohup utility in uutils coreutils creates its default output file, nohup.out, without specifying explicit restricted permissions. This causes the file to inherit umask-based permissions, typically resulting in a world-readable file 0644. In multi-user environments, this allows any user on the...

3.3CVSS5.2AI score0.00114EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.10 views

Duplicate Advisory: uutils coreutils has a Time-of-Check to Time-of-Use (TOCTOU) race condition

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-gwm6-q8ch-hcfr. This link is maintained to preserve external references. Original Description A Time-of-Check to Time-of-Use TOCTOU vulnerability exists in the install utility of uutils coreutils when using the ...

6.3CVSS6AI score0.00108EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.9 views

uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition

A Time-of-Check to Time-of-Use TOCTOU race condition exists in the mv utility of uutils coreutils during cross-device operations. The utility removes the destination path before recreating it through a copy operation. A local attacker with write access to the destination directory can exploit thi...

6.3CVSS5.5AI score0.00091EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.6 views

uutils coreutils doesn't properly handle setuid and setgid bits when ownership preservation fails

The cp utility in uutils coreutils fails to properly handle setuid and setgid bits when ownership preservation fails. When copying with the -p preserve flag, the utility applies the source mode bits even if the chown operation is unsuccessful. This can result in a user-owned copy retaining origin...

6.6CVSS5.2AI score0.00125EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.7 views

Duplicate Advisory: uutils coreutils has an Improper Check for Unusual or Exceptional Conditions

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-p7h3-7q52-72w8. This link is maintained to preserve external references. Original Description The printenv utility in uutils coreutils fails to display environment variables containing invalid UTF-8 byte...

4.4CVSS6AI score0.0017EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.13 views

Duplicate Advisory: uutils coreutils' comm utility incorrectly consumes data from non-regular file inputs before performing comparison operations

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-3wfc-mgpm-9rq6. This link is maintained to preserve external references. Original Description The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before performing...

4.4CVSS5.9AI score0.00135EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.7 views

Duplicate Advisory: uutils coreutils has a Time-of-Check to Time-of-Use (TOCTOU) race condition

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-239g-2685-54x3. This link is maintained to preserve external references. Original Description The install utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use TOCTOU race condition during...

6.3CVSS6AI score0.00118EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.9 views

Duplicate Advisory: uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mj6p-44ch-cq69. This link is maintained to preserve external references. Original Description The mkdir utility in uutils coreutils incorrectly applies permissions when using the -m flag by creating a directory...

3.3CVSS5.9AI score0.00102EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.10 views

uutils coreutils has a Time-of-Check to Time-of-Use (TOCTOU) race condition

A Time-of-Check to Time-of-Use TOCTOU race condition exists in the mkfifo utility of uutils coreutils. The utility creates a FIFO and then performs a path-based chmod to set permissions. A local attacker with write access to the parent directory can swap the newly created FIFO for a symbolic link...

7CVSS5.5AI score0.00147EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.5 views

Duplicate Advisory: uutils coreutils has a Path Traversal issue

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-89p7-7cq3-hhr2. This link is maintained to preserve external references. Original Description A vulnerability in the rm utility of uutils coreutils allows the bypass of safeguard mechanisms intended to protect t...

5.6CVSS6.1AI score0.00166EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.10 views

Duplicate Advisory: uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-w6xc-g9qj-vp32. This link is maintained to preserve external references. Original Description The safetraversal module in uutils coreutils, which provides protection against Time-of-Check to Time-of-Use TOCTOU...

3.6CVSS5.9AI score0.0018EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.7 views

uutils coreutils has an Uncaught Exception When Encountering Valid but Non-UTF-8 Paths

The sort utility in uutils coreutils is vulnerable to a process panic when using the --files0-from option with inputs containing non-UTF-8 filenames. The implementation enforces UTF-8 encoding and utilizes expect, causing an immediate crash when encountering valid but non-UTF-8 paths. This diverg...

5.5CVSS5.2AI score0.00134EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.9 views

uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition

The cp utility in uutils coreutils is vulnerable to an information disclosure race condition. Destination files are initially created with umask-derived permissions e.g., 0644 before being restricted to their final mode e.g., 0600 later in the process. A local attacker can race to open the file...

4.7CVSS5.2AI score0.00091EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.7 views

uutils coreutils has an Untrusted Search Path

A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam after entering the chroot but before dropping root privileges. On glibc-based systems, this can trigger the Name Service Switch NSS to load...

7.8CVSS6AI score0.00136EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.9 views

Duplicate Advisory: uutils coreutils allows unauthorized modification of permissions on existing files

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-pmf6-rcx4-v53v. This link is maintained to preserve external references. Original Description A vulnerability in uutils coreutils mkfifo allows for the unauthorized modification of permissions on existing files...

7.1CVSS6AI score0.00165EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.8 views

Duplicate Advisory: uutils coreutils has an Incorrect Check of Function Return Value

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2x2h-fw32-rq7v. This link is maintained to preserve external references. Original Description A flaw in the ChownExecutor used by uutils coreutils chown and chgrp causes the utilities to return an incorrect exit...

5.5CVSS5.9AI score0.00142EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.28 views

Duplicate Advisory: uutils coreutils allows users to bypass the --preserve-root safety mechanism

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4c7q-4928-8445. This link is maintained to preserve external references. Original Description A vulnerability in the chmod utility of uutils coreutils allows users to bypass the --preserve-root safety mechanism...

7.3CVSS6AI score0.00175EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.15 views

Silverpeas Core has a reflected cross-site scripting vulnerability

A reflected cross-site scripting XSS vulnerability in the AdvancedSearch functionality of Silverpeas Core allows attackers to execute arbitrary JavaScript in the context of a user's browser via crafted input...

6.1CVSS5.3AI score0.00188EPSS
Exploits1References5Affected Software2
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.9 views

Duplicate Advisory: uutils coreutils' mktemp utility doesn't properly handle an empty TMPDIR environment variable

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2w8r-9xj7-69j5. This link is maintained to preserve external references. Original Description The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU...

3.3CVSS5.8AI score0.00133EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.9 views

Duplicate Advisory: uutils coreutils incorrectly handles exit codes when processing multiple files

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4x34-chg5-mwjj. This link is maintained to preserve external references. Original Description The recursive mode -R of the chmod utility in uutils coreutils incorrectly handles exit codes when processing multipl...

5.5CVSS5.9AI score0.00143EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.8 views

uutils coreutils has a Link Following Issue

A vulnerability in the tail utility of uutils coreutils allows for the exfiltration of sensitive file contents when using the --follow=name option. Unlike GNU tail, the uutils implementation continues to monitor a path after it has been replaced by a symbolic link, subsequently outputting the...

5.3CVSS5.2AI score0.00096EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 5:44 p.m.8 views

Inspektor Gadget: Command Injection via malicious buildOptions manipulation

Impacted Resources inspektor-gadget/cmd/common/image/build.go inspektor-gadget/cmd/common/image/helpers/Makefile.build Description The ig binary provides a subcommand for image building, used to generate custom gadget OCI images. A part of this functionality is implemented in the file...

7.8CVSS6AI score0.01281EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 5:43 p.m.15 views

i18next-fs-backend: Path traversal via unsanitised lng/ns allows arbitrary file read/overwrite

Summary Versions of i18next-fs-backend prior to 2.6.4 interpolate the caller-supplied lng and ns values directly into the configured loadPath and addPath templates with no path-component validation and no sanitisation. When an application exposes the resolved language code to user-controlled inpu...

8.2CVSS5.8AI score0.00292EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 5:42 p.m.9 views

i18nextify has DOM XSS via javascript:/data: URL schemes in translated href/src attributes

Summary Versions of i18nextify prior to 4.0.8 substitute key interpolation tokens inside src and href attribute values with the raw string returned by i18next.t. The substitution logic in src/localize.js replaceInside handler around line 122 only guards against a duplicated http:// origin prefix ...

4.7CVSS5.9AI score0.00144EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 5:41 p.m.25 views

i18next-http-backend has Path Traversal & URL Injection via Unsanitised lng/ns

Summary Versions of i18next-http-backend prior to 3.0.5 interpolate the lng and ns values directly into the configured loadPath / addPath URL template without any encoding, validation, or path sanitisation. When an application exposes the language-code selection to user-controlled input the defau...

9.1CVSS5.8AI score0.00251EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 5:40 p.m.15 views

i18next-http-middleware: Prototype pollution and path traversal via user-controlled language and namespace parameters

Summary Versions of i18next-http-middleware prior to 3.9.3 pass user-controlled lng and ns parameters to two internal paths that use them in ways that enable prototype pollution and, depending on the configured backend, path traversal or SSRF. The vulnerable entry points are unauthenticated HTTP...

8.6CVSS5.8AI score0.0031EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 5:38 p.m.8 views

Daptin: SQL injection via unvalidated goqu.L() calls in aggregate API

Summary The /aggregate/:typename endpoint accepted column and group query parameters that were passed verbatim to goqu.L — a raw SQL literal expression builder — without any validation. This bypassed all parameterization and allowed authenticated users with any valid session to inject arbitrary S...

8.3CVSS5.9AI score0.00345EPSS
Exploits0References4Affected Software1
Total number of security vulnerabilities33225