Impact
GitHub CLI depends on a git.exe executable being found in system %PATH% on Windows. However, if a malicious .\git.exe or .\git.bat is found in the current working directory at the time of running gh, the malicious command will be invoked instead…
[github.com/containous/traefik/v2] Traefik vulnerable to Open Redirect via handling of X-Forwarded-Prefix header
Summary
There exists a potential open redirect vulnerability in Traefik’s handling of the X-Forwarded-Prefix header. Active exploitation of this issue is unlikely, as it would require active header injection; however, the Traefik team addressed this issu…
Onayami Handbook
Graffer COMPASS
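Developer preview begins for "Android 13," the next version of Android
On February 10 (US time), "Android 13," the next major version of Android, was announced, and the develop…
Android 13 Developer Preview 1 released: changes and new features
At 10:00 AM (local time) on February 10, 2022, Google announced Android 13 Developer Preview 1. The latest Android 13 (Android T, Android 13 t-DP […]
The post "Android 13 Developer Preview 1 released: changes and new features" first appeared on TechBooster.
ASUS: the 14.0-inch "Chromebook C425TA" with Intel Core m for under 50,000 yen
On February 10, ASUS JAPAN, with a display that opens a full 180 degrees, the clamshell-type Chromeb…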
[org.jenkins-ci.main:jenkins-core] Deserialization of Untrusted Data in Jenkins Core
Jenkins 2.333 and earlier, LTS 2.319.2 and earlier defines custom XStream converters that have not been updated to apply the protections for the vulnerability CVE-2021-43859 and allow unconstrained resource usage.
References
https://nvd.nist.gov/vuln/…
[engine.io] Resource exhaustion in engine.io
Engine.IO before 4.0.0 and 3.6.0 allows attackers to cause a denial of service (resource consumption) via a POST request to the long polling transport.
References
https://nvd.nist.gov/vuln/detail/CVE-2020-36048
https://github.com/socketio/engine.io/co…
Google releases a program to foster children's internet literacy
On February 8, Google's Japanese subsidiary, so that children become able to use technology safely and to the fullest…