Security
Headlines

Headlines Latest CVEs

Headline

GHSA-8r6j-v8pm-fqw3: Code injection in fsevents

fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any JavaScript project (that depends on fsevents) distributes code that was obtained from that URL at a time when it was controlled by an adversary.

1 year ago

#amazon #git #java

Code injection in fsevents

Moderate severity GitHub Reviewed Published Oct 6, 2023 to the GitHub Advisory Database • Updated Oct 9, 2023

Related news

CVE-2023-45311: hugo-cloudflare-docs/package-lock.json at e0f7cfa195af8ef1bfa51a487be7d34ba298ed06 · cloudflare/hugo-cloudflare-docs

fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any JavaScript project (that depends on fsevents) distributes code that was obtained from that URL at a time when it was controlled by an adversary.

1 year ago

#vulnerability #amazon #js #git #java

ghsa: Latest News

GHSA-5jfw-gq64-q45f: HTML Cleaner allows crafted scripts in special contexts like svg or math to pass through

7 hours ago

GHSA-hrxh-9w67-g4cv: Rclone has Improper Permission and Ownership Handling on Symlink Targets with --links and --metadata

7 hours ago

GHSA-m5vv-7jxc-8p6x: Redaxo Core CMS Cross Site Scripting (XSS)

9 hours ago

GHSA-p7f6-8mcm-fwv3: Statamic CMS has a Path Traversal in Asset Upload

10 hours ago

GHSA-2x2g-32r7-p4x8: Apache Kafka Clients: Privilege escalation to filesystem read-access via automatic ConfigProvider

18 hours ago