CVE-2022-3474
CVE-2022-3474 concerns a flaw in Bazel's remote assets API where bad credential handling causes all user-provided credentials to be sent instead of only the required ones. Affected are Bazel versions prior to 5.3.2 and 4.2.3. The consequence is credential exposure for requests using this API. The...
CVE-2021-22539
CVE-2021-22539 affects vscode-bazel. A crafted JSON config file in the project folder can point to a custom executable, because vscode-bazel allows the workspace path to lint *.bzl files to be set via this config. This enables execution of any executable on the system through vscode-bazel. The re...