shogo82148

3 exploits Active since Oct 2017
CVE-2017-1000117 NOMISEC HIGH WORKING POC
Malicious Git HTTP Server For CVE-2017-1000117
A malicious third party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability.
CVSS 8.8
CVE-2025-30154 WRITEUP HIGH WRITEUP
reviewdog/action-setup - Embedded Malicious Code via Compromised GitHub Action
reviewdog/action-setup is a GitHub action that installs reviewdog. reviewdog/action-setup@v1 was compromised on March 11, 2025, between 18:42 and 20:31 UTC, with malicious code added that dumps exposed secrets to GitHub Actions workflow logs. Other reviewdog actions that use `reviewdog/action-setup@v1` and would also be compromised, regardless of version or pinning method, are reviewdog/action-shellcheck, reviewdog/action-composite-template, reviewdog/action-staticcheck, reviewdog/action-ast-grep, and reviewdog/action-typos.
CVSS 8.6
CVE-2023-24623 WRITEUP HIGH WRITEUP
paranoidhttp < 0.3.0 - Server-Side Request Forgery via IPv6 Loopback Bypass
Paranoidhttp before 0.3.0 allows SSRF because [::] is equivalent to the 127.0.0.1 address, but does not match the filter for private addresses.
CVSS 7.5