
Package Manager Configurations Security Vulnerabilities


CVE-2020-36327

Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that.....

8.8 CVSS

8.3 AI Score

0.013 EPSS

2021-04-29 03:15 AM

CVE-2021-24105

Depending on configuration of various package managers it is possible for an attacker to insert a malicious package into a package manager's repository which can be retrieved and used during development, build, and release processes. This insertion could lead to remote code execution. We believe...

8.4 CVSS

8.7 AI Score

0.013 EPSS

2021-02-25 11:15 PM