Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3
CVE-2022-3474
- EPSS 0.02%
- Published 26.10.2022 19:15:16
- Last modified 21.11.2024 07:19:36
A bad credential handling in the remote assets API for Bazel versions prior to 5.3.2 and 4.2.3 sends all user-provided credentials instead of only the required ones for the requests. We recommend upgrading to versions later than or equal to 5.3.2 or ...
7.8
CVE-2021-22539
- EPSS 0.09%
- Published 16.04.2021 11:15:12
- Last modified 21.11.2024 05:50:18
An attacker can place a crafted JSON config file into the project folder pointing to a custom executable. VScode-bazel allows the workspace path to lint *.bzl files to be set via this config file. As such the attacker is able to execute any executabl...
1