The pullit package before 1.4.0 for Node.js allows OS Command Injection because eval is used on an attacker-supplied Git branch name.