GHSA-9V8J-9C9G-W66C

OpenClaw: Shell positional parameters could weaken strict inline-eval checks

Daytona: Path traversal in sandbox volume id mounts arbitrary host paths into the sandbox — cross-tenant data access and host escape

CVE-2024-6385 was a critical improper access control flaw in GitLab Community and Enterprise Edition disclosed on July 11, 2024, affecting versions from 15.8 before 16.11.6, 17.0 before 17.0.4, and 17.1 before 17.1.2, that under certain circumstances let an attacker trigger and run a CI/CD pipeline as another, arbitrary user. The bug stemmed from the pipeline-triggering logic failing to correctly validate the identity of the user on whose behalf a pipeline was started, so jobs executed with the victim's permissions, CI_JOB_TOKEN, and access to their CI/CD secrets such as cloud tokens, Kubernetes service accounts, and attached identities, enabling privilege escalation across the platform. It was effectively a re-fix of CVE-2024-5655 (also critical, disclosed late June 2024), whose root cause was that merge requests automatically retargeted to a new branch upon merge would inadvertently trigger pipeline execution as the original author without manual initiation, with GraphQL CI_JOB_TOKEN authentication being disabled by default as part of the mitigation. Both flaws were rated critical by GitLab and prompted urgent patch guidance.

On January 11, 2024 Praetorian researchers John Stawinski and Adnan Khan publicly disclosed a critical supply-chain attack against PyTorch's GitHub Actions CI, originally reported on August 9, 2023. They first merged a trivial markdown typo fix, which promoted their account to a returning contributor whose pull-request workflows no longer required manual approval. PyTorch ran CI on persistent, non-ephemeral self-hosted runners left at GitHub's default setting that lets fork pull-request workflows execute on them, so a malicious draft PR running a curl-pipe-bash payload executed attacker code directly on the long-lived runner. Because the runner was not torn down between jobs, the attackers stole the runner's GitHub Actions registration token plus a write-scoped GITHUB_TOKEN, the GH_PYTORCHBOT_TOKEN and UPDATEBOT_TOKEN personal access tokens reaching 90-plus repositories, and the aws-pytorch-uploader AWS keys. This was a textbook self-hosted-runner plus fork-PR poisoned pipeline execution (pwn request) that enabled release and S3 artifact poisoning of distributed PyTorch binaries.

Signal K Server: Server-Side Request Forgery via Remote Connection Endpoints

PHP JWT Library: RSA1_5 (RSAES-PKCS1-v1_5) decryption lacks implicit rejection, exposing a Bleichenbacher/Marvin padding oracle