GitHub

The dot package v1.1.2 uses Function() to compile templates. This can be exploited by the attacker if they can control the given template or if they can control the value set on Object.prototype.
References

https://nvd.nist.gov/vuln/detail/CVE-2020-81…

Blamer versions prior to 1.0.1 allows execution of arbitrary commands. It is possible to inject arbitrary commands as part of the arguments provided to blamer.
References

https://nvd.nist.gov/vuln/detail/CVE-2019-10807
https://snyk.io/vuln/SNYK-JS-BLA…

Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation, resulting in a stored cross-site scripting vulnerability.
References

https://nvd.nist.gov/vuln/detail/CVE-2020-2136
…

Jenkins Eagle Tester Plugin 1.0.9 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system.
References

https://nvd.nist.gov/vuln/detail/CVE-2…

Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier can be circumvented through default parameter expressions in CPS-transformed methods.
References

https://nvd.nist.gov/vuln/detail/CVE-2020-2109
https://jenkins.io/security/advisory…

Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations.
References

https://nvd.ni…

Codecov npm module before 3.6.2 allows remote attackers to execute arbitrary commands via the “gcov-args” argument.
References

https://nvd.nist.gov/vuln/detail/CVE-2020-7596
https://snyk.io/vuln/SNYK-JS-CODECOV-543183
https://github.com/advisories/GHS…

Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress would header fold a double Content-Length header and due to being unable to cast the now comma separated value to an integer would set the Cont…

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka ‘ASP.NET Core Denial of Service Vulnerability’.
References

https://nvd.nist.gov/vuln/detail/CVE-2020-0602
https://access.redhat.com/errata/RHSA-2020:0130
h…

A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka ‘ASP.NET…