
CVE-2022-23734 – Deserialization of Untrusted Data vulnerability in GitHub Enterprise Server leading to Remote Code Execution
https://notcve.org/view.php?id=CVE-2022-23734
19 Oct 2022 — A deserialization of untrusted data vulnerability was identified in GitHub Enterprise Server that could potentially lead to remote code execution on the SVNBridge. To exploit this vulnerability, an attacker would need to gain access via a server-side request forgery (SSRF) that would let an attacker control the data being deserialized. This vulnerability affected all versions of GitHub Enterprise Server prior to v3.6 and was fixed in versions 3.5.3, 3.4.6, 3.3.11, and 3.2.16. This vulnerability was reported... • https://docs.github.com/en/enterprise-server%403.2/admin/release-notes#3.2.16 • CWE-502: Deserialization of Untrusted Data •

CVE-2022-39209 – Uncontrolled Resource Consumption in cmark-gfm
https://notcve.org/view.php?id=CVE-2022-39209
15 Sep 2022 — cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior to 0.29.0.gfm.6 a polynomial time complexity issue in cmark-gfm's autolink extension may lead to unbounded resource exhaustion and subsequent denial of service. Users may verify the patch by running `python3 -c 'print("

CVE-2022-35954 – Delimiter injection vulnerability in @actions/core exportVariable
https://notcve.org/view.php?id=CVE-2022-35954
13 Aug 2022 — The GitHub Actions ToolKit provides a set of packages to make creating actions easier. The `core.exportVariable` function uses a well-known delimiter that attackers can use to break out of that specific variable and assign values to other arbitrary variables. Workflows that write untrusted values to the `GITHUB_ENV` file may cause the path or other environment variables to be modified without the intention of the workflow or action author. Users should upgrade to `@actions/core v1.9.1`. If you are unable to... • https://github.com/actions/toolkit/commit/4beda9cbc00ba6eefe387a937c21087ccb8ee9df • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2022-23733 – Stored XSS vulnerability in GitHub Enterprise Server leading to injection of arbitrary attributes
https://notcve.org/view.php?id=CVE-2022-23733
02 Aug 2022 — A stored XSS vulnerability was identified in GitHub Enterprise Server that allowed the injection of arbitrary attributes. This injection was blocked by GitHub's Content Security Policy (CSP). This vulnerability affected all versions of GitHub Enterprise Server prior to 3.6 and was fixed in versions 3.3.11, 3.4.6 and 3.5.3. This vulnerability was reported via the GitHub Bug Bounty program. • https://docs.github.com/en/enterprise-server%403.3/admin/release-notes#3.3.11 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2022-23732 – Path traversal in GitHub Enterprise Server management console leading to a bypass of CSRF protections
https://notcve.org/view.php?id=CVE-2022-23732
05 Apr 2022 — A path traversal vulnerability was identified in GitHub Enterprise Server management console that allowed the bypass of CSRF protections. This could potentially lead to privilege escalation. To exploit this vulnerability, an attacker would need to target a user that was actively logged into the management console. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.5 and was fixed in versions 3.1.19, 3.2.11, 3.3.6, 3.4.1. This vulnerability was reported via the GitHub Bug Bounty ... • https://docs.github.com/en/enterprise-server%403.1/admin/release-notes#3.1.19 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-23: Relative Path Traversal •

CVE-2021-33961
https://notcve.org/view.php?id=CVE-2021-33961
22 Mar 2022 — A Cross Site Scripting (XSS) vulnerability exists in enhanced-github v5.0.11 via the file name parameter. • https://github.com/softvar/enhanced-github/issues/96 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2022-24724 – Integer overflow in table parsing extension leads to heap memory corruption
https://notcve.org/view.php?id=CVE-2022-24724
03 Mar 2022 — cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and 0.28.3.gfm.21, an integer overflow in cmark-gfm's table row parsing `table.c:row_from_string` may lead to heap memory corruption when parsing tables whose marker rows contain more than UINT16_MAX columns. The impact of this heap corruption ranges from Information Leak to Arbitrary Code Execution depending on how and where `cmark-gfm` is used. If `cmark-gfm` is used for rendering remote ... • https://packetstorm.news/files/id/166599 • CWE-190: Integer Overflow or Wraparound •

CVE-2022-24722 – Cross-site Scripting in view_component
https://notcve.org/view.php?id=CVE-2022-24722
02 Mar 2022 — ViewComponent is a framework for building view components in Ruby on Rails. Versions prior to 2.31.2 and 2.49.1 contain a cross-site scripting vulnerability that has the potential to impact anyone using translations with the view_component gem. Data received via user input and passed as an interpolation argument to the `translate` method is not properly sanitized before display. Versions 2.31.2 and 2.49.1 have been released and fully mitigate the vulnerability. As a workaround, avoid passing user input to t... • https://github.com/github/view_component/commit/3f82a6e62578ff6f361aba24a1feb2caccf83ff9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2021-41599 – Improper control flow in GitHub Enterprise Server hosted Pages leads to remote code execution
https://notcve.org/view.php?id=CVE-2021-41599
17 Feb 2022 — A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.0.21, 3.1.13, 3.2.5. This vulnerability was reported via the GitHub Bug Bounty program. • https://docs.github.com/en/enterprise-server%403.0/admin/release-notes#3.0.21 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2022-21687 – Command injection in gh-ost
https://notcve.org/view.php?id=CVE-2022-21687
01 Feb 2022 — gh-ost is a triggerless online schema migration solution for MySQL. Versions prior to 1.1.3 are subject to an arbitrary file read vulnerability. The attacker must have access to the target host or trick an administrator into executing a malicious gh-ost command on a host running gh-ost, plus network access from the host running gh-ost to the attacker's malicious MySQL server. The `-database` parameter does not properly sanitize user input, which can lead to arbitrary file reads. • https://github.com/github/gh-ost/commit/a91ab042de013cfd8fbb633763438932d9080d8f • CWE-20: Improper Input Validation •