ONS Digital RAS Collection Instrument up to 2.0.27 comment.yml jobs $COMMENT_BODY OS command injection
A vulnerability classified as critical has been found in ONS Digital RAS Collection Instrument up to 2.0.27. The affected element is the function jobs in the file .github/workflows/comment.yml. Manipulation of the argument $COMMENT_BODY leads to OS command injection. Using CWE to describe the problem leads to CWE-78. The weakness was disclosed 12/07/2020 as 199. The advisory is available for download at github.com. This vulnerability is known as CVE-2020-36762. The attack will not succeed without access to the local network. Technical details are available. There is no exploit available. The current price for an exploit might be approx. USD $0-$5k. As a 0-day, the estimated price was around $0-$5k. The patch is identified as dcaad2540f7d50c512ff2e031d3778dd9337db2b. The bugfix is ready for download at github.com. It is recommended to patch the affected component.