Security
Headlines
HeadlinesLatestCVEs

Tag

#git

GHSA-frqc-f2h8-fjvf: Spring for GraphQL may be exposed to GraphQL context with values from a different session

A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An application is vulnerable if it provides a DataLoaderOptions instance when registering batch loader functions through DefaultBatchLoaderRegistry.

ghsa
Open in Source
#git#java#maven
CVE-2023-5084: Multiple Self-XSS Vulnerabilites in hestiacp

Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.8.8.

CVE-2023-5084: Fix XSS in edit server and add package · hestiacp/hestiacp@5131f5a

Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.8.8.

Fresh Wave of Malicious npm Packages Threaten Kubernetes Configs and SSH Keys

Cybersecurity researchers have discovered a fresh batch of malicious packages in the npm package registry that are designed to exfiltrate Kubernetes configurations and SSH keys from compromised machines to a remote server. Sonatype said it has discovered 14 different npm packages so far: @am-fe/hooks, @am-fe/provider, @am-fe/request, @am-fe/utils, @am-fe/watermark, @am-fe/watermark-core,

GitLab Releases Urgent Security Patches for Critical Vulnerability

GitLab has shipped security patches to resolve a critical flaw that allows an attacker to run pipelines as another user. The issue, tracked as CVE-2023-5009 (CVSS score: 9.6), impacts all versions of GitLab Enterprise Edition (EE) starting from 13.12 and prior to 16.2.7 as well as from 16.3 and before 16.3.4. "It was possible for an attacker to run pipelines as an arbitrary user via scheduled

GHSA-8c8w-f7wp-2jr2: Sender can cause a receiver to overwrite files during ZIP extraction in Croc

An issue was discovered in Croc through 9.6.5. A sender can cause a receiver to overwrite files during ZIP extraction.

GHSA-364c-vvqx-446c: Croc sender may place ANSI or CSI escape sequences in filename to attach receiver's terminal device

An issue was discovered in Croc through 9.6.5. A sender may place ANSI or CSI escape sequences in a filename to attack the terminal device of a receiver.

GHSA-hp56-xvf4-g6wr: Cros secrets may be disclosed to untrusted relay

An issue was discovered in Croc through 9.6.5. When a custom shared secret is used, the sender and receiver may divulge parts of this secret to an untrusted Relay, as part of composing a room name.

GHSA-ppjh-xp5v-46wc: Croc sender may send dangerous new files to receiver

An issue was discovered in Croc through 9.6.5. A sender may send dangerous new files to a receiver, such as executable content or a `.ssh/authorized_keys` file.

GHSA-7mp6-929p-pqhj: Croc requires senders to provide local IP addresses in cleartext

An issue was discovered in Croc through 9.6.5. The protocol requires a sender to provide its local IP addresses in cleartext via an `ips?` message.