退職届を受け取ってもらえない——。にわかには信じがたい話かもしれませんが、弁護士ドットコムの「みんな…
[simple-git] Command injection in simple-git
Git-js is a light weight interface for running git commands in any node.js application.The package simple-git before 3.5.0 are vulnerable to Command Injection due to an incomplete fix of CVE-2022-24433 which only patches against the git fetch attack ve…
[cocoapods-downloader] Command injection in cocoapods-downloader
The package cocoapods-downloader before 1.6.2 are vulnerable to Command Injection via hg argument injection. When calling the download function (when using hg), the url (and/or revision, tag, branch) is passed to the hg clone command in a way that addi…
[cocoapods-downloader] Command injection in cocoapods-downloader
The package cocoapods-downloader before 1.6.0, from 1.6.2 and before 1.6.3 are vulnerable to Command Injection via git argument injection. When calling the Pod::Downloader.preprocess_options function and using git, both the git and branch parameters ar…
PCのWEBカメラ、隠したいときは身近にある「アレ」が便利
いまや日常と化した「WEB会議」、ノートPC内蔵のカメラとマイクで参加している人は多いはず。画質・音…
[matrix-synapse] Uncontrolled Resource Consumption in Matrix Synapse
Impact
Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time. Connections will only be terminated after max_spider_size (default: 10M) bytes ha…
[deepmerge-ts] Prototype Pollution in deepmerge-ts
deepmerge-ts is used to merge 2 or more objects respecting type information. deepmerge-ts is vulnerable to Prototype Pollution via file deepmerge.ts, function defaultMergeRecords(). A fix was released in version 4.0.2. Currently, there is no known work…
Infinite Mac
A Mac with everything you’d want in 1995.
国交省、新モビリティサービス推進事業に関する支援事業追加選定
国土交通省は3月30日、MaaSの実現に必要となる基盤整備や、新モビリティサービス事業計画の策定等の…
パナソニックが持株会社に移行 新会社パナソニックコネクト発足
4月1日に行われるパナソニック株式会社の持株会社制への移行に伴い、パナソニックコネクト株式会社(以下…