Formed in 2009, the Archive Team (not to be confused with the archive.org Archive-It Team) is a rogue archivist collective dedicated to saving copies of rapidly dying or deleted websites for the sake of history and digital heritage. The group is 100% composed of volunteers and interested parties, and has expanded into a large amount of related projects for saving online and digital history.
Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.
Sign up[JAVA] CWE-706: Use of Incorrectly-Resolved Name or Reference & CWE-201: Exposure of Sensitive Information Through Sent Data #137
Labels
Comments
|
@intrigus-lgtm as per https://securitylab.github.com/bounties this submission in the Bug Slayer category will require at least 4 CVE to be triaged as a direct result of this query's findings. We understand this is still a work in progress, so please update this issue when your CVE listings start coming in and we'll move the award evaluation process along accordingly. Thanks! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE ID(s)
List the CVE ID(s) associated with this vulnerability. GitHub will automatically link CVE IDs to the GitHub Advisory Database.
CVE-2020-4039: https://github.com/fossasia/susi_server/security/advisories/GHSA-wcm4-2jp5-q269CVE-2020-15097: https://github.com/loklak/loklak_server/security/advisories/GHSA-7557-4v29-rqw6Report
Paths that can be influenced by users (= Directory traversal) where the content of the path is returned to the user or where user data is written to.
"Arbitrary read and write"
Query: github/codeql#3794