Jörmungandrk
https://github.com/aws-amplify/amplify-cli/blob/c85ed14b2fe61c09a026f7bb7c82857b5227dff2/packages/amplify-e2e-core/src/utils/index.ts#L81-L81 To fix the issue, avoid constructing the shell command as a single string; instead, pass the command and its arguments as an array to `execa.commandSync`. This approach prevents...
https://github.com/ValveSoftware/GameNetworkingSockets/blob/725e273c7442bac7a8bc903c0b210b1c15c34d92/src/tier1/utlmemory.cpp#L21-L21 To fix the issue, we need to ensure that the multiplication is performed in a larger type (e.g., `size_t`) so that it cannot overflow. This can be achieved by explicitly casting one of...
An integer overflow is caused by performing a multiplication between two unsigned 32-bit integers and then casting the result to a larger data type (`size_t`) after the multiplication. This cast does...
## Ticket 🎟️ #363

To fix the problem, we need to ensure that the multiplication is performed using a larger integer type to avoid overflow. This can be achieved by casting...
https://github.com/ValveSoftware/GameNetworkingSockets/blob/725e273c7442bac7a8bc903c0b210b1c15c34d92/src/tier1/utlmemory.cpp#L21-L21 This rule finds code that converts the result of an integer multiplication to a larger type. Since the conversion applies after the multiplication, arithmetic overflow may still occur. The...
https://github.com/mongodb/mongo/blob/0a68308f0d39a928ed551f285ba72ca560c38576/src/third_party/wiredtiger/src/docs/style/header-web.html#L42-L42 Extracting text from a DOM node and interpreting it as HTML can lead to a cross-site scripting vulnerability. A webpage with this vulnerability reads text from the DOM, and...
https://github.com/apache/beam/blob/75cf7e182c9af656db147050f2cab1b7b374ee97/sdks/go/pkg/beam/core/runtime/xlangx/expansionx/download.go#L142-L164 To fix the issue, we need to validate the file paths extracted from the zip archive to ensure they do not contain directory traversal elements (`..`) and are confined...
https://github.com/matomo-org/matomo/blob/6b6ab13f3197015a39e36ce80520cca84ce72bc6/libs/jqplot/jqplot.themeEngine.js#L691-L691 To fix the prototype pollution vulnerability in the `$.jqplot.extend` function: 1. Add a check to block dangerous property names (`__proto__` and `constructor`) from being copied. 2. Ensure that the function...
https://github.com/microsoft/LightGBM/blob/f91dcfee8baf5fe329bfddadf38577f6443fdf18/python-package/lightgbm/dask.py#L71-L71 To fix the issue, the socket should be bound to a specific interface instead of all interfaces. This can be achieved by replacing the empty string (`""`) with a specific...
https://github.com/h2oai/h2o-3/blob/e6a314be0804d41a70deff25ab4e924e7e1b6669/h2o-extensions/xgboost/src/main/java/hex/tree/xgboost/remote/RemoteXGBoostUploadServlet.java#L27-L27 To fix the issue, we need to validate the `model_key` parameter before using it to construct a file path. The validation should ensure that the `model_key` does not contain any path...