cosign verify-attestation used with the –type flag will report a false positive verification when:
There is at least one attestation with a valid signature
There are NO attestations of the type being verified (–type defaults to “custom”)
This can h…
PolicyController will report a false positive, resulting in an admission when it should not be admitted when:
There is at least one attestation with a valid signature
There are NO attestations of the type being verified (–type defaults to “custom”)
…
The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cr…
OwningRef::map_with_owner is unsound and may result in a use-after-free.
OwningRef::map is unsound and may result in a use-after-free.
OwningRefMut::as_owner and OwningRefMut::as_owner_mut are unsound and may result in a use-after-free.
The crate viol…
Affected packages
@ckeditor/ckeditor5-markdown-gfm
@ckeditor/ckeditor5-html-support
@ckeditor/ckeditor5-html-embed
Impact
A cross-site scripting vulnerability has been discovered affecting three optional CKEditor 5’s packages. The vulnerability allowed…
Drupal core sanitizes filenames with dangerous extensions upon upload and strips leading and trailing dots from filenames to prevent uploading server configuration files.
However, the protections for these two vulnerabilities previously did not work co…
Impact
Users hosting Streamlit app(s) that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially other sensitive informati…
Impact
What kind of vulnerability is it? Who is impacted?
The PGJDBC implementation of the java.sql.ResultRow.refreshRow() method is not performing escaping of column names so a malicious column name that contains a statement terminator, e.g. ;, could …
Impact
ItemImportServiceImpl is vulnerable to a path traversal vulnerability. This means a malicious SAF (simple archive format) package could cause a file/directory to be created anywhere the Tomcat/DSpace user can write to on the server. However, th…
Impact
The JSPUI resumable upload implementations in SubmissionController and FileUploadRequest are vulnerable to multiple path traversal attacks, allowing an attacker to create files/directories anywhere on the server writable by the Tomcat/DSpace use…
