The GitHub Actions ToolKit provides a set of packages to make creating actions easier. The `core.exportVariable` function uses a well-known delimiter that attackers can use to break out of that specif ...
August 19, 2022
The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2022-9720 advisory. - A vulnerability was found in CRI-O that causes memory or di ...
August 19, 2022
Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job/Configure permission to access credentials with attacker-specified IDs stored in the private per-user creden ...
August 18, 2022
## Summary Node.js module undici is used by IBM App Connect Enterprise Certified Container when testing API endpoints. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that us ...
August 18, 2022
### Impact The default landing page contained HTML to display a sample `curl` command which is made visible if the full landing page bundle could not be fetched from Apollo's CDN. The server's URL is ...
August 18, 2022
**Summary** As part of a KubeVirt audit performed by NCC Group, a finding dealing with a systemic lack of path sanitization, which leads to a path traversal, was identified. Google tested the exploitabil ...
August 18, 2022
### Impact `=Read More ...
August 18, 2022