[gitsome] OS Command Injection in gitsome

OS Command Injection vulnerability in bbultman gitsome through 0.2.3 allows attackers to execute arbitrary commands via a crafted tag name of the target git repository.
References

https://nvd.nist.gov/vuln/detail/CVE-2021-34081
https://advisory.checkm…

[dragonfly] Arbitrary file write in dragonfly

An argument injection vulnerability in Dragonfly Ruby Gem v1.3.0 allows attackers to read and write arbitrary files when the verify_url option is disabled. This vulnerability is exploited via a crafted URL.
References

https://nvd.nist.gov/vuln/detail/…

[ibexa/core] Login timing attack in ibexa/core

Ibexa DXP uses a random execution time to hinder timing attacks against user accounts, a method of discovering whether a given account exists in a system without knowing its password, which affects privacy. This implementation was found to not be go…

[gogs.io/gogs] OS Command Injection in gogs

Impact
A malicious user is able to update a crafted config file into the repository's .git directory in order to gain SSH access to the server. All installations with repository upload enabled (the default) are affected.
Patches
Repository file updates are prohi…