Saptaktdk

2 exploits Active since Feb 2018

CVE-2018-6574 NOMISEC HIGH WORKING POC

GO < 1.8.6 - Code Injection

Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.

CVSS 7.8

View Code

CVE-2024-2083 NOMISEC CRITICAL STUB

zenml < 0.55.5 - Path Traversal via /api/v1/steps Logs URI Parameter

A directory traversal vulnerability exists in the zenml-io/zenml repository, specifically within the /api/v1/steps endpoint. Attackers can exploit this vulnerability by manipulating the 'logs' URI path in the request to fetch arbitrary file content, bypassing intended access restrictions. The vulnerability arises due to the lack of validation for directory traversal patterns, allowing attackers to access files outside of the restricted directory.

CVSS 9.9

View Code