automation-engine's Issues
A new vulnerability was discovered: CVE-2020-13305
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not invalidating project invitation link upon removing a user from a project.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/181511
A new vulnerability was discovered: CVE-2021-22189
Starting with version 13.7 the Gitlab CE/EE editions were affected by a security issue related to the validation of the certificates for the Fortinet OTP that could result in authentication issues.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/211312
A new vulnerability was discovered: CVE-2020-7733
The package ua-parser-js before 0.7.22 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/181877
A new vulnerability was discovered: CVE-2020-13306
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Webhook feature could be abused to perform denial of service attacks due to the lack of rate limitation.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/181512
A new vulnerability was discovered: CVE-2020-13302
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Under certain conditions GitLab was not properly revoking user sessions and allowed a malicious user to access a user account with an old password.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/181508
A new vulnerability was discovered: CVE-2020-13340
An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2: Stored XSS in CI Job Log.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/183879
A new vulnerability was discovered: CVE-2020-13293
In GitLab before 13.0.12, 13.1.6 and 13.2.3 using a branch with a hexadecimal name could override an existing hash.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/178253
A new vulnerability was discovered: CVE-2020-13355
An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14. A path traversal is found in LFS Upload that allows an attacker to overwrite certain specific paths on the server. Affected versions are: >=8.14, <13.3.9; >=13.4, <13.4.5; >=13.5, <13.5.2.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/187552
A new vulnerability was discovered: CVE-2019-19919
Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's `__proto__` and `__defineGetter__` properties, which may allow an attacker to execute arbitrary code through crafted payloads.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/139915
A new vulnerability was discovered: CVE-2020-13310
A vulnerability was discovered in GitLab runner versions before 13.1.3, 13.2.3 and 13.3.1. It was possible to make the gitlab-runner process crash by sending malformed queries, resulting in a denial of service.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/181516
A new vulnerability was discovered: CVE-2008-2231
SQL injection vulnerability in Slashdot Like Automated Storytelling Homepage (Slash) (aka Slashcode) R_2_5_0_94 and earlier allows remote attackers to execute SQL commands and read table information via the id parameter.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/51355
A new vulnerability was discovered: CVE-2021-22202
An issue has been discovered in GitLab CE/EE affecting all previous versions. If the victim is an admin, it was possible to issue a CSRF in System hooks through the API.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/212845
A new vulnerability was discovered: CVE-2020-13339
An issue has been discovered in GitLab affecting all versions before 13.2.10, 13.3.7 and 13.4.2: XSS in SVG File Preview. Overall impact is limited due to the current user only being impacted.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/183878
A new vulnerability was discovered: CVE-2021-23383
The package handlebars before 4.7.7 is vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/217719
A new vulnerability was discovered: CVE-2020-13324
A vulnerability was discovered in GitLab versions prior to 13.1. Under certain conditions the private activity of a user could be exposed via the API.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/182348
A new vulnerability was discovered: CVE-2020-13274
A security issue allowed Denial of Service attacks through memory exhaustion by uploading malicious artifacts in all previous GitLab versions through 13.0.1.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/174129
A new vulnerability was discovered: debricked-171
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/207147
A new vulnerability was discovered: debricked-155741
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/207901
A new vulnerability was discovered: CVE-2020-13271
A Stored Cross-Site Scripting vulnerability allowed the execution of arbitrary JavaScript code in the blobs API in all previous GitLab CE/EE versions through 13.0.1.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/173394
A new vulnerability was discovered: CVE-2020-13349
An issue has been discovered in GitLab EE affecting all versions starting from 8.12. A regular expression related to a file path made the Advanced Search feature susceptible to catastrophic backtracking. Affected versions are: >=8.12, <13.3.9; >=13.4, <13.4.5; >=13.5, <13.5.2.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/187546
A new vulnerability was discovered: CVE-2020-10977
GitLab EE/CE 8.5 to 12.9 is vulnerable to a path traversal when moving an issue between projects.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/155503
A new vulnerability was discovered: CVE-2018-1000620
Eran Hammer's cryptiles version 4.1.1 and earlier contains a CWE-331 (Insufficient Entropy) vulnerability in the randomDigits() method, which makes it more likely that an attacker can brute force a value that was supposed to be random. Exploitability depends upon the calling application. This vulnerability appears to have been fixed in 4.1.2.
Read more at Debricked: http://app.debricked.com/en/service/vulnerability/109869
A new vulnerability was discovered: CVE-2020-8203
Prototype pollution attack when using _.zipObjectDeep in lodash <= 4.17.15.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/177228
A new vulnerability was discovered: CVE-2019-13011
An issue was discovered in GitLab Enterprise Edition 8.11.0 through 12.0.2. By using brute force, a user with access to a project, but not its repository, could create a list of merge request template names. It has excessive algorithmic complexity.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/147741
A new vulnerability was discovered: CVE-2021-27292
ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular expression which is vulnerable to denial of service. If an attacker sends a malicious User-Agent header, ua-parser-js will get stuck processing it for an extended period of time.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/212053
A new vulnerability was discovered: CVE-2020-14155
libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/173728
A new vulnerability was discovered: CVE-2020-13342
An issue has been discovered in GitLab affecting versions prior to 13.2.10, 13.3.7 and 13.4.2: Lack of Rate Limiting at Re-Sending Confirmation Email.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/183880
A new vulnerability was discovered: CVE-2020-28275
Prototype pollution vulnerability in 'cache-base' versions 0.7.0 through 4.0.0 allows an attacker to cause a denial of service and may lead to remote code execution.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/204989
A new vulnerability was discovered: CVE-2020-7793
The package ua-parser-js before 0.7.23 is vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info).
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/203548
A new vulnerability was discovered: CVE-2021-23337
All versions of package lodash; all versions of package org.fujion.webjars:lodash are vulnerable to Command Injection via template.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/210290
A new vulnerability was discovered: CVE-2020-7788
This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/203544
A new vulnerability was discovered: CVE-2009-4590
Cross-site scripting (XSS) vulnerability in base_local_rules.php in Basic Analysis and Security Engine (BASE) before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/48668
A new vulnerability was discovered: CVE-2020-13334
In GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, improper authorization checks allow a non-member of a project/group to change the confidentiality attribute of an issue via a mutation GraphQL query.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/183874
A new vulnerability was discovered: CVE-2020-13309
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was vulnerable to a blind SSRF attack through the repository mirroring feature.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/181515
A new vulnerability was discovered: CVE-2021-23343
All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/217918
A new vulnerability was discovered: CVE-2020-13315
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The profile activity page was not restricting the amount of results one could request, potentially resulting in a denial of service.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/181521
A new vulnerability was discovered: CVE-2020-13356
An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.8.9. A specially crafted request could bypass Multipart protection and read files in certain specific paths on the server. Affected versions are: >=8.8.9, <13.3.9; >=13.4, <13.4.5; >=13.5, <13.5.2.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/187553
A new vulnerability was discovered: CVE-2002-1647
The quick login feature in Slash Slashcode does not redirect the user to an alternate URL when the wrong password is provided, which makes it easier for remote web sites to guess the proper passwords by reading the username and password from the Referrer URL.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/84779
A new vulnerability was discovered: CVE-2008-2553
Cross-site scripting (XSS) vulnerability in Slashdot Like Automated Storytelling Homepage (Slash) (aka Slashcode) R_2_5_0_94 and earlier allows remote attackers to inject arbitrary web script or HTML via the userfield parameter.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/51658
A new vulnerability was discovered: CVE-2009-4592
Unspecified vulnerability in base_local_rules.php in Basic Analysis and Security Engine (BASE) before 1.4.4 allows remote attackers to include arbitrary local files via unknown vectors.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/48670
A new vulnerability was discovered: CVE-2020-13297
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. When two-factor authentication was enabled for groups, a malicious user could bypass that restriction by sending a specific query to the API endpoint.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/181503
A new vulnerability was discovered: CVE-2020-13301
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was vulnerable to a stored XSS on the standalone vulnerability page.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/181507
A new vulnerability was discovered: CVE-2020-13294
In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not revoked when a user revoked access to an application.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/178254
A new vulnerability was discovered: CVE-2020-13348
An issue has been discovered in GitLab EE affecting all versions starting from 10.2. Required CODEOWNERS approval could be bypassed by targeting a branch without the CODEOWNERS file. Affected versions are: >=10.2, <13.3.9; >=13.4, <13.4.5; >=13.5, <13.5.2.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/187545
A new vulnerability was discovered: CVE-2020-13352
Private group info is leaked in GitLab CE/EE version 10.2 and above when a project is moved from a private to a public group. Affected versions are: >=10.2, <13.3.9; >=13.4, <13.4.5; >=13.5, <13.5.2.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/187549
A new vulnerability was discovered: CVE-2021-22176
An issue has been discovered in GitLab affecting all versions starting with 3.0.1. Improper access control allows demoted project members to access details on authored merge requests.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/212373
A new vulnerability was discovered: debricked-149712
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/207760
A new vulnerability was discovered: CVE-2020-13332
Improper access expiration date validation in GitLab version >=8.11.0-rc6+ allows a user to retain access to projects after the access expiration date.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/183872
A new vulnerability was discovered: CVE-2020-13280
For GitLab before 13.0.12, 13.1.6, 13.2.3 a memory exhaustion flaw exists due to excessive logging of an invite email error message.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/178502
A new vulnerability was discovered: CVE-2021-22193
An issue has been discovered in GitLab affecting all versions starting with 7.1. A member of a private group was able to validate the use of a specific name for private project.
Read more at Debricked: https://app.debricked.com/en/service/vulnerability/212379