Filtered by vendor Google
Subscriptions
Filtered by product Bazel
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-3474 | 1 Google | 1 Bazel | 2024-11-21 | 4.3 Medium |
| A bad credential handling in the remote assets API for Bazel versions prior to 5.3.2 and 4.2.3 sends all user-provided credentials instead of only the required ones for the requests. We recommend upgrading to versions later than or equal to 5.3.2 or 4.2.3. | ||||
| CVE-2021-22539 | 1 Google | 1 Bazel | 2024-11-21 | 8.2 High |
| An attacker can place a crafted JSON config file into the project folder pointing to a custom executable. VScode-bazel allows the workspace path to lint *.bzl files to be set via this config file. As such the attacker is able to execute any executable on the system through vscode-bazel. We recommend upgrading to version 0.4.1 or above. | ||||
Page 1 of 1.