admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-11-13 17:01:40 +00:00
parent 2dc5611292
commit 163454f82c
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
2 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2020/15xxx/CVE-2020-15802.json
View File

@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://gizmodo.com/bluetooth-unveils-its-latest-security-issue-with-no-se-1845013709",
"url": "https://gizmodo.com/bluetooth-unveils-its-latest-security-issue-with-no-se-1845013709"
},
{
"refsource": "CONFIRM",
"name": "https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/blurtooth/",
"url": "https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/blurtooth/"
}
]
}

2
2020/26xxx/CVE-2020-26222.json
View File

@ -35,7 +35,7 @@
"description_data": [
{
"lang": "eng",
"value": "Dependabot is a set of packages for automated dependency management for Ruby, JavaScript, Python, PHP, Elixir, Rust, Java, .NET, Elm and Go.\nIn Dependabot-Core from version 0.119.0.beta1 before version 0.125.1, there is a remote code execution vulnerability in dependabot-common and dependabot-go_modules when a source branch name contains malicious injectable bash code.\n\nFor example, if Dependabot is configured to use the following source branch name: \"/$({curl,127.0.0.1})\", Dependabot will make a HTTP request to the following URL: 127.0.0.1 when cloning the source repository.\n\nThe fix was applied to version 0.125.1.\n\nAs a workaround, one can escape the branch name prior to passing it to the Dependabot::Source class."
"value": "Dependabot is a set of packages for automated dependency management for Ruby, JavaScript, Python, PHP, Elixir, Rust, Java, .NET, Elm and Go. In Dependabot-Core from version 0.119.0.beta1 before version 0.125.1, there is a remote code execution vulnerability in dependabot-common and dependabot-go_modules when a source branch name contains malicious injectable bash code. For example, if Dependabot is configured to use the following source branch name: \"/$({curl,127.0.0.1})\", Dependabot will make a HTTP request to the following URL: 127.0.0.1 when cloning the source repository. The fix was applied to version 0.125.1. As a workaround, one can escape the branch name prior to passing it to the Dependabot::Source class."
}
]
},