lmhunterand
## Changes: The `gojek/clickstream-ios` used cocoapods-downloader 1.6.0, from 1.6.2 and before 1.6.3 are vulnerable to Command Injection via git argument injection. When calling the `Pod::Downloader.preprocess_options` function and using git, both...
## Summary The project `logdna/logdna-agent-v2` used `rustls::ConnectionCommon::complete_io`, which could fall into an infinite loop based on network input. Verified at `0.22` and `0.23 rustls`, but `0.21` and `0.20` release lines are...
The project used `asthttp`, which is vulnerable to Directory Traversal via the ServeFile function, due to improper sanitization. It can be exploited by using a backslash %5c character in...
## Description Summary The HTTP/2 protocol allows clients to indicate to the server that a previous stream should be canceled by sending a RST_STREAM frame. The protocol does not require...
Affected of this project `EpicGames/BlenderTools` are vulnerable to Access Control Bypass via the server.fs.deny option. An attacker can gain access to sensitive files by requesting raw filesystem paths using case-augmented...
### Description Affected by this project `redis/node-redis` is vulnerable to Incomplete List of Unallowed Inputs when using plugins that rely on internal Babel `path.evaluate()` or `path.evaluateTruthy()` methods. ## Proof of...
fix https://github.com/redis/node-redis/issues/2755 Requesting fixed vulnerable Using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely...
`fireblocks-sdk-js` used semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS)...
### Name imhunterand