
CVE-2020-13802 – Gentoo Linux Security Advisory 202405-30
https://notcve.org/view.php?id=CVE-2020-13802
01 Sep 2020 — Rebar3 versions 3.0.0-beta.3 to 3.13.2 are vulnerable to OS command injection via URL parameter of dependency specification. A vulnerability has been discovered in Rebar3, which can lead to command injection. Versions greater than or equal to 3.14.4 are affected. • https://packetstorm.news/files/id/159027 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2019-1000014
https://notcve.org/view.php?id=CVE-2019-1000014
04 Feb 2019 — Erlang/OTP Rebar3 version 3.7.0 through 3.7.5 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via Victim fetches packages from malicious/compromised mirror. This vulnerability appears to have been fixed in 3.8.0. • https://github.com/erlang/rebar3/pull/1986