Количество 2
Количество 2
CVE-2024-31455
Minder by Stacklok is an open source software supply chain security platform. A refactoring in commit `5c381cf` added the ability to get GitHub repositories registered to a project without specifying a specific provider. Unfortunately, the SQL query for doing so was missing parenthesis, and would select a random repository. This issue is patched in pull request 2941. As a workaround, revert prior to `5c381cf`, or roll forward past `2eb94e7`.
GHSA-ggp5-28x4-xcj9
Minder GetRepositoryByName data leak
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-31455 Minder by Stacklok is an open source software supply chain security platform. A refactoring in commit `5c381cf` added the ability to get GitHub repositories registered to a project without specifying a specific provider. Unfortunately, the SQL query for doing so was missing parenthesis, and would select a random repository. This issue is patched in pull request 2941. As a workaround, revert prior to `5c381cf`, or roll forward past `2eb94e7`. | CVSS3: 4.3 | 0% Низкий | почти 2 года назад |
| GHSA-ggp5-28x4-xcj9 Minder GetRepositoryByName data leak | CVSS3: 4.3 | 0% Низкий | почти 2 года назад |
Уязвимостей на страницу