Minder by Stacklok is an open source... CVE-2024-31455

Published: 2024-04-09
Revised: 2024-04-10

Minder by Stacklok is an open source software supply chain security platform. A refactoring in commit `5c381cf` added the ability to get GitHub repositories registered to a project without specifying a provider. Unfortunately, the SQL query for doing so was missing parentheses, and would select a random repository. This issue is patched in pull request 2941. As a workaround, revert prior to `5c381cf`, or roll forward past `2eb94e7`.
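
The bug class described above, as an added example that is not Minder's code: an optional filter written as `... AND provider = :provider OR :provider IS NULL` without parentheses. The schema, column names, rows and both queries are constructed assumptions, run here on SQLite, which shares the `AND`-before-`OR` precedence of other SQL databases.

```python
import sqlite3

# Constructed schema and rows; table and column names are assumptions for
# illustration, not Minder's actual schema or query.
SCHEMA = """
CREATE TABLE repositories (
    id INTEGER PRIMARY KEY,
    project_id TEXT, provider TEXT, repo_owner TEXT, repo_name TEXT
);
INSERT INTO repositories (project_id, provider, repo_owner, repo_name) VALUES
    ('project-a', 'github', 'alice', 'app'),
    ('project-b', 'github', 'bob',   'secrets');
"""

# Missing parentheses: AND binds tighter than OR, so this parses as
# (project AND owner AND name AND provider = :provider) OR (:provider IS NULL).
# With no provider given, the OR branch is true for every row in the table.
# ORDER BY is added only to make the demo deterministic; without it the row
# picked by LIMIT 1 is arbitrary.
BUGGY = """
SELECT project_id, repo_owner, repo_name FROM repositories
WHERE project_id = :project AND repo_owner = :owner AND repo_name = :name
  AND provider = :provider OR :provider IS NULL
ORDER BY id DESC LIMIT 1
"""

# Parenthesized: the optional provider filter is a single AND-ed term.
FIXED = """
SELECT project_id, repo_owner, repo_name FROM repositories
WHERE project_id = :project AND repo_owner = :owner AND repo_name = :name
  AND (provider = :provider OR :provider IS NULL)
ORDER BY id DESC LIMIT 1
"""

def lookup(query, project, owner, name, provider=None):
    """Run one lookup against a fresh in-memory database and return the row."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    params = {"project": project, "owner": owner, "name": name, "provider": provider}
    row = conn.execute(query, params).fetchone()
    conn.close()
    return row

if __name__ == "__main__":
    args = ("project-a", "alice", "app")
    print("buggy:", lookup(BUGGY, *args))  # row belonging to project-b
    print("fixed:", lookup(FIXED, *args))  # the requested project-a row
```

When a provider is supplied, both queries return the same row, which is why a test suite that always passes a provider would not catch the difference.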

No exploit or PoC is currently available.
There are currently 0 affected product entries.