GHSA-27wf-5967-98gx:  Kubernetes kubelet arbitrary command execution

GHSA-mr95-vfcf-fx9p: Apache Answer: Predictable Authorization Token Using UUIDv1

GHSA-pqhp-25j4-6hq9: smol-toml has a Denial of Service via malicious TOML document using deeply nested inline tables

GHSA-v5h2-q2w4-gpcx: Sentry improper error handling leaks Application Integration Client Secret

GHSA-8w49-h785-mj3c: Tornado has an HTTP cookie parsing DoS vulnerability

This affects the package codecov before 2.0.16. The vulnerability occurs due to not sanitizing gcov arguments before being being provided to the popen method.

**Codecov prior to 2.0.16 does not sanitize gcov arguments**

Moderate severity GitHub Reviewed Published Jul 14, 2022 • Updated Jul 15, 2022

Headline

GHSA-h3qr-fjhm-jphw: Codecov prior to 2.0.16 does not sanitize gcov arguments

Related news

ghsa: Latest News