Security
Headlines

Headlines Latest CVEs

Headline

GHSA-6f9p-g466-f8v8: blamer vulnerable to Arbitrary Argument Injection via the blameByFile() API

Versions of the package blamer before 1.0.4 are vulnerable to Arbitrary Argument Injection via the blameByFile() API. The library does not sanitize for user input or validate the given file path conforms to a specific schema, nor does it properly pass command-line flags to the git binary using the double-dash POSIX characters (–) to communicate the end of options.

1 year ago

blamer vulnerable to Arbitrary Argument Injection via the blameByFile() API

Moderate severity GitHub Reviewed Published Sep 19, 2023 to the GitHub Advisory Database • Updated Sep 21, 2023

Related news

CVE-2023-26143: Snyk Vulnerability Database | Snyk

Versions of the package blamer before 1.0.4 are vulnerable to Arbitrary Argument Injection via the blameByFile() API. The library does not sanitize for user input or validate the given file path conforms to a specific schema, nor does it properly pass command-line flags to the git binary using the double-dash POSIX characters (--) to communicate the end of options.

1 year ago

#vulnerability #js #git #intel #perl #auth

ghsa: Latest News

GHSA-8gc2-vq6m-rwjw: Amazon Redshift Python Connector vulnerable to SQL Injection

1 day ago

GHSA-8596-2jgr-ppj7: Amazon Redshift JDBC Driver vulnerable to SQL Injection

1 day ago

GHSA-xx95-62h6-h7v3: lgsl Stored Cross-Site Scripting vulnerability

1 day ago

GHSA-x52f-h5g4-8qv5: Marp Core allows XSS by improper neutralization of HTML sanitization

1 day ago

GHSA-76h9-2vwh-w278: Apache MINA Deserialization RCE Vulnerability

2 days ago