This affects all versions of package npos-tesseract. The injection point is located in line 55 in lib/ocr.js.
Daily Archives: August 2, 2022
CVE-2020-28451
CVE-2020-28437
This affects all versions of package heroku-env. The injection point is located in lib/get.js which is required by index.js.
CVE-2020-28434
This affects all versions of package gitblame. The injection point is located in line 15 in lib/gitblame.js.
CVE-2020-28433
CVE-2020-28425
CVE-2020-28424
CVE-2020-28423
Opsera’s GitCustodian detects vulnerable data in source code
DevOps orchestration platform provider Opsera has announced the launch of GitCustodian, a new Software-as-a-Service (SaaS) product that detects and reports vulnerable data in code repositories including GitLab, GitHub, and Bitbucket.
GitCustodian scans the code repositories for vulnerable data and alerts security and DevOps teams so that they can prevent vulnerabilities from leaking into production, protecting software development pipelines. Once vulnerabilities are found, the solution automates the remediation process for any uncovered secrets or other sensitive artifacts, Opsera says.
The release comes at a time of heightened awareness around data leaks in source code repositories. In April, GitHub revealed that attackers had used stolen authorization tokens to download private data stored on the platform.
Dark Web Research Suggests 87% of Ransomware Brands Exploit Malicious Macros
The findings uncovered 475 web pages of elaborate ransomware products and services