Errors returned by ghinstallation.Transport can include the JWT used for the failed operation. If the error is exposed to an untrusted party, this JWT could be extracted and used to authenticate furth ...

Continue Reading

22 декабря, 2022

# CVE-2022-39304 ghinstallation provides transport, which imple...Read More ...

Continue Reading

22 декабря, 2022

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will b ...

Continue Reading

20 декабря, 2022

### Impact In ghinstallation v1, when the request to refresh an installation token failed, the HTTP request and response would be returned for debugging. https://github.com/bradleyfalzon/ghinstallatio ...

Continue Reading

19 декабря, 2022

### Impact In ghinstallation v1, when the request to refresh an installation token failed, the HTTP request and response would be returned for debugging. https://github.com/bradleyfalzon/ghinstallatio ...

Continue Reading

19 декабря, 2022

[![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhxH4ORvtpJZLry3tPrOdrXtg4IZ3wKmD5jgL1MF4dFmYha42IOKeYVKJFGtwOoacaOZreL3-rixcCank0fW1cBhkwYCBGBO00xJ7-dzulegHFExvvqvhbDjFhutjk13ODp8rcqFl ...

Continue Reading

16 декабря, 2022

## Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 3.6. ## Vulnerability Details ** CVEID: **[CVE-2018-8023]() ** DESCRIPTION: **Apache Mesos could allow a remote ...

Continue Reading

14 декабря, 2022

### Impact All authenticated Cube clients could bypass row-level security and run arbitrary SQL via the newly introduced /v1/sql-runner endpoint. ### Patches The change has been reverted in 0.31.24 ## ...

Continue Reading

12 декабря, 2022