Skip to content

Release v1.1.2
Compare
Choose a tag to compare
@0xn3va 0xn3va released this 19 Mar 12:05
· 17 commits to main since this release
v1.1.2
6fd756f
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Added

  • Parameters injection c4853f9
    • Abusing .git/HEAD
    • --output parameter in git-blame
    • Maven and pom.xml

Updated

  • CI/CD e150e44
    • GitHub Actions:
      • Artifacts poisoning
      • Secrets disclosure for the workflow_call event
      • head.sha and head.ref confusion
      • Unclaimed actions
  • Weak random generation e8c2cce
    • Cracking org.apache.commons.lang3.RandomStringUtils in Java
  • Command injection 8e399cf and 02d58f8
    • Command injections for languages (refactoring and new cases)
Assets 2
Loading