-
Arbitrary file write via tarslip in esm.sh (CVE-2025-65025) | Uncategorized | 2025. 11. 19. 07:09
https://github.com/esm-dev/esm.sh/security/advisories/GHSA-h3mw-4f23-gwpw
Arbitrary file write via tarslip
Summary: The esm.sh CDN service is vulnerable to a Path Traversal (CWE-22) vulnerability during NPM package tarball extraction. An attacker can craft a malicious NPM package containing speci...
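The class of bug named in the advisory is an archive member whose name or link target resolves outside the extraction directory. The following is an added example, written for this page and not esm.sh's own (Go) code: it builds a small tarball in memory with a benign package plus three hostile members (a `..` traversal, an absolute path, and a symlink pointing out of the tree, all constructed here) and vets every member against a hypothetical destination `/srv/esm/extract` before anything would be written.

```python
# Added example (not esm.sh's code): vet tar members before extraction so a
# crafted archive cannot write outside the destination directory ("tarslip").
import io
import os
import tarfile


def _inside(base, candidate):
    """True if candidate, after resolving '..' and symlinks, stays under base."""
    base = os.path.realpath(base)
    candidate = os.path.realpath(candidate)
    return os.path.commonpath([base, candidate]) == base


def classify_member(member, dest):
    """Return None if the member is safe to extract into dest, else a reason."""
    name = member.name
    if os.path.isabs(name):
        return "absolute path"
    if not _inside(dest, os.path.join(dest, name)):
        return "path traversal via '..'"
    if member.issym() or member.islnk():
        # A symlink target is relative to the member's own directory; a hard
        # link target is relative to the archive root. Both must stay in dest.
        if member.issym():
            link_dest = os.path.join(dest, os.path.dirname(name), member.linkname)
        else:
            link_dest = os.path.join(dest, member.linkname)
        if not _inside(dest, link_dest):
            return "link escapes destination"
    elif not (member.isfile() or member.isdir()):
        return "unsupported member type"  # devices, fifos, ...
    return None


def scan_tarball(data, dest):
    """Split the archive's members into (accepted names, {rejected name: reason})."""
    accepted, rejected = [], {}
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for m in tar.getmembers():
            reason = classify_member(m, dest)
            if reason is None:
                accepted.append(m.name)
            else:
                rejected[m.name] = reason
    return accepted, rejected


def build_sample_tarball():
    """Constructed sample: a benign npm-style package plus three hostile members."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        def add_file(name, content):
            info = tarfile.TarInfo(name)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
        add_file("package/package.json", b'{"name":"demo"}')
        add_file("package/index.js", b"export default 1;\n")
        add_file("package/../../../etc/cron.d/evil", b"* * * * * root id\n")
        add_file("/etc/evil.conf", b"owned\n")
        link = tarfile.TarInfo("package/escape")
        link.type = tarfile.SYMTYPE
        link.linkname = "../../outside"
        tar.addfile(link)
    return buf.getvalue()


if __name__ == "__main__":
    ok, bad = scan_tarball(build_sample_tarball(), "/srv/esm/extract")
    print("accepted:", ok)
    print("rejected:", bad)
```

The containment test is done on `os.path.realpath` of the would-be destination, not on the raw member name, so `..` segments and symlinks are resolved the way the filesystem would resolve them. Python 3.12's `tarfile` extraction filters (`filter="data"`) enforce the same rules natively; the example spells them out so the checks are visible.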
-
JS Template Literal Injection in esm.sh (CVE-2025-65026) | Uncategorized | 2025. 11. 19. 07:06
https://github.com/esm-dev/esm.sh/security/advisories/GHSA-hcpf-qv9m-vfgp
JS Template Literal Injection in CSS-to-JavaScript
Summary: The esm.sh CDN service contains a Template Literal Injection vulnerability (CWE-94) in its CSS-to-JavaScript module conversion feature. When a CSS file is requested with the `?modu...
-
Command Injection in pgAdmin for Windows (CVE-2025-12763) | Bug Bounty | 2025. 11. 19. 00:10
Summary: A command injection vulnerability exists in pgAdmin4 running on Windows, caused by passing shell=True to subprocess.Popen() when launching backup/restore processes. An attacker can execute arbitrary system commands through the file path input.
Details
Reproduction steps:
1. Log in to pgAdmin4 on Windows.
2. Connect to a database server.
3. Select the Restore function.
4. Send the follo..
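To show the mechanism the summary describes (a user-supplied file path interpolated into a command string and run with shell=True) the following is an added example, not pgAdmin's code. It uses `echo` as a stand-in for the real backup/restore binary and a constructed path containing a `;` so it runs on a POSIX shell; on Windows the same pattern goes through cmd.exe, where `&` plays the role of `;`, and `shlex.quote` (shown as a fallback) protects only POSIX shells, so the argv-list form is the fix that works on both.

```python
# Added example (not pgAdmin's code): the shell=True pattern behind a file-path
# command injection, next to the argv-list form that does not invoke a shell.
import shlex
import subprocess

# Constructed attacker-controlled "file path". After the ';' a POSIX shell
# starts a second command; cmd.exe on Windows would do the same after '&'.
MALICIOUS_PATH = "backup.dump; echo INJECTED"


def restore_vulnerable(path):
    """Interpolate the path into one string and let the shell parse it."""
    cmd = f"echo restore_from {path}"  # 'echo' stands in for the restore binary
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def restore_hardened(path):
    """Pass the path as a single argv element; no shell ever sees it."""
    return subprocess.run(["echo", "restore_from", path],
                          capture_output=True, text=True).stdout


def restore_quoted(path):
    """Fallback if a shell is unavoidable: POSIX-quote the value first.

    shlex.quote is defined for POSIX shells only; it is not a fix for cmd.exe.
    """
    cmd = f"echo restore_from {shlex.quote(path)}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


if __name__ == "__main__":
    print(repr(restore_vulnerable(MALICIOUS_PATH)))  # two commands ran
    print(repr(restore_hardened(MALICIOUS_PATH)))    # path echoed as one argument
    print(repr(restore_quoted(MALICIOUS_PATH)))
```

When reviewing code like this, grep for `shell=True` together with any f-string, `%` or `.format()` that builds the command; the argv-list form removes the shell from the path entirely, which is the only variant that behaves the same on Windows and POSIX.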
-
Langfuse Server Side Request Forgery (SSRF) | Bug Bounty | 2025. 8. 31. 01:44
https://github.com/langfuse/langfuse
GitHub - langfuse/langfuse: 🪢 Open source LLM engineering platform: LLM Observability, metrics, evals, prompt management, playground, datasets. Integrates with OpenTelemetry, Langchain, OpenAI SDK, LiteLLM, and more. 🍊YC W23 ...
Patched: https://github.c..
-
Remote Code Execution Vulnerability in pgAdmin (CVE-2025-2945) | Bug Bounty | 2025. 4. 4. 18:19
Introduction: This post provides a technical explanation of a Remote Code Execution (RCE) vulnerability discovered in pgAdmin (≤9.1), a widely used administration tool for PostgreSQL databases. To exploit this vulnerability, an authenticated user must be able to send a POST request to the pgAdmin server. The vulnerability exists in two separate features, /sqleditor/query_tool/download and /cloud/d..
-
Vulnerabilities caused by incorrect use of os.path.join() | Web | 2025. 3. 17. 01:10
1. os.path.join()
    import os
    BASE_DIR = "/tmp/"
    SUB_DIR = "sub_path"
    full_path = os.path.join(BASE_DIR, SUB_DIR)
    print(full_path)  # /tmp/sub_path
https://docs.python.org/3/library/os.path.html#os.path.join
os.path.join(path, *paths) takes a base path as its first argument and joins each following path argument onto it. It is not plain string concatenation: it inserts the OS path separator where one is missing, and if any later argument is an absolute path, everything before it is discarded.
    import os
    BASE_DIR = "/tmp"
    SUB_DIR = "../etc/passwd"
    full_pat..
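The two properties that make os.path.join() dangerous with user input are that it keeps `..` segments untouched and that an absolute second argument throws the base directory away. The following is an added example, not the post's own code, using a hypothetical base `/srv/uploads` (it does not need to exist): it shows both behaviours on the post's inputs and a join that resolves the result and refuses anything outside the base.

```python
# Added example (not the post's code): os.path.join with '..' and absolute
# components, and a join that refuses to leave the base directory.
import os

BASE_DIR = "/srv/uploads"  # hypothetical base directory for the demonstration


def naive_join(user_path):
    """The pattern from the post: join and use the result as-is."""
    return os.path.join(BASE_DIR, user_path)


def is_inside_base(user_path):
    """Containment test on the path that would actually be opened.

    realpath collapses '..' and follows symlinks, so the check is made on the
    resolved path rather than on the raw string returned by os.path.join.
    """
    base = os.path.realpath(BASE_DIR)
    target = os.path.realpath(os.path.join(base, user_path))
    return os.path.commonpath([base, target]) == base


def safe_join(user_path):
    """Join, resolve, and raise if the result escapes BASE_DIR."""
    if not is_inside_base(user_path):
        raise ValueError(f"path escapes {BASE_DIR}: {user_path!r}")
    return os.path.realpath(os.path.join(os.path.realpath(BASE_DIR), user_path))


if __name__ == "__main__":
    print(naive_join("sub_path"))       # /srv/uploads/sub_path
    print(naive_join("../etc/passwd"))  # /srv/uploads/../etc/passwd ('..' kept verbatim)
    print(naive_join("/etc/passwd"))    # /etc/passwd (absolute argument drops the base)
    for p in ("sub_path", "../etc/passwd", "/etc/passwd"):
        try:
            print(p, "->", safe_join(p))
        except ValueError as e:
            print(p, "-> rejected:", e)
```

Note that `/srv/uploads/../etc/passwd` normalizes to `/srv/etc/passwd`, not `/etc/passwd`; an attacker simply adds more `..` segments, which is why the check must be on the resolved path and not on whether the raw string starts with the base.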
-
Flowise RCE via File Upload | Bug Bounty | 2025. 3. 15. 01:08
https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-8vvx-qvq9-5948
Arbitrary file write to RCE
Summary: An attacker could write files with arbitrary content to the filesystem via the `/api/v1/document-store/loader/process` API. An attacker can reach RCE (Remote Code Execution) via file w...
https://flowiseai.com/ Flowise - Low code LLM Apps Builder: Open source low-code tool fo..