<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the 10 most recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Tue, 05 May 2026 07:57:59 +0000</lastBuildDate>
    <item>
      <title>b0014ebd-14fe-46d5-8815-1fd1baf5fc98</title>
      <link>https://vulnerability.circl.lu/sighting/b0014ebd-14fe-46d5-8815-1fd1baf5fc98/export</link>
      <description>{"uuid": "b0014ebd-14fe-46d5-8815-1fd1baf5fc98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39304", "type": "seen", "source": "https://t.me/cibsecurity/55008", "content": "\u203c CVE-2022-39304 \u203c\n\nghinstallation provides transport, which implements http.RoundTripper to provide authentication as an installation for GitHub Apps. In ghinstallation version 1, when the request to refresh an installation token failed, the HTTP request and response would be returned for debugging. The request contained the bearer JWT for the App, and was returned back to clients. This token is short lived (10 minute maximum). This issue has been patched and is available in version 2.0.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-20T22:12:51.000000Z"}</description>
      <content:encoded>{"uuid": "b0014ebd-14fe-46d5-8815-1fd1baf5fc98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39304", "type": "seen", "source": "https://t.me/cibsecurity/55008", "content": "\u203c CVE-2022-39304 \u203c\n\nghinstallation provides transport, which implements http.RoundTripper to provide authentication as an installation for GitHub Apps. In ghinstallation version 1, when the request to refresh an installation token failed, the HTTP request and response would be returned for debugging. The request contained the bearer JWT for the App, and was returned back to clients. This token is short lived (10 minute maximum). This issue has been patched and is available in version 2.0.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-20T22:12:51.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/b0014ebd-14fe-46d5-8815-1fd1baf5fc98/export</guid>
      <pubDate>Tue, 20 Dec 2022 22:12:51 +0000</pubDate>
    </item>
    <item>
      <title>571f8d7e-11e4-410c-8814-2124f37687c3</title>
      <link>https://vulnerability.circl.lu/sighting/571f8d7e-11e4-410c-8814-2124f37687c3/export</link>
      <description>{"uuid": "571f8d7e-11e4-410c-8814-2124f37687c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39304", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12060", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-39304\n\ud83d\udd25 CVSS Score: 5 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:L)\n\ud83d\udd39 Description: ghinstallation provides transport, which implements http.RoundTripper to provide authentication as an installation for GitHub Apps. In ghinstallation version 1, when the request to refresh an installation token failed, the HTTP request and response would be returned for debugging. The request contained the bearer JWT for the App, and was returned back to clients. This token is short lived (10 minute maximum). This issue has been patched and is available in version 2.0.0.\n\n\ud83d\udccf Published: 2022-12-20T19:52:28.024Z\n\ud83d\udccf Modified: 2025-04-16T14:47:35.191Z\n\ud83d\udd17 References:\n1. https://github.com/bradleyfalzon/ghinstallation/security/advisories/GHSA-h4q8-96p6-jcgr\n2. https://github.com/bradleyfalzon/ghinstallation/commit/d24f14f8be70d94129d76026e8b0f4f9170c8c3e\n3. https://docs.github.com/en/developers/apps/building-github-apps/authenticating-with-github-apps#authenticating-as-an-installation\n4. https://github.com/bradleyfalzon/ghinstallation/blob/24e56b3fb7669f209134a01eff731d7e2ef72a5c/transport.go#L172-L174", "creation_timestamp": "2025-04-16T14:56:29.000000Z"}</description>
      <content:encoded>{"uuid": "571f8d7e-11e4-410c-8814-2124f37687c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39304", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12060", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-39304\n\ud83d\udd25 CVSS Score: 5 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:L)\n\ud83d\udd39 Description: ghinstallation provides transport, which implements http.RoundTripper to provide authentication as an installation for GitHub Apps. In ghinstallation version 1, when the request to refresh an installation token failed, the HTTP request and response would be returned for debugging. The request contained the bearer JWT for the App, and was returned back to clients. This token is short lived (10 minute maximum). This issue has been patched and is available in version 2.0.0.\n\n\ud83d\udccf Published: 2022-12-20T19:52:28.024Z\n\ud83d\udccf Modified: 2025-04-16T14:47:35.191Z\n\ud83d\udd17 References:\n1. https://github.com/bradleyfalzon/ghinstallation/security/advisories/GHSA-h4q8-96p6-jcgr\n2. https://github.com/bradleyfalzon/ghinstallation/commit/d24f14f8be70d94129d76026e8b0f4f9170c8c3e\n3. https://docs.github.com/en/developers/apps/building-github-apps/authenticating-with-github-apps#authenticating-as-an-installation\n4. https://github.com/bradleyfalzon/ghinstallation/blob/24e56b3fb7669f209134a01eff731d7e2ef72a5c/transport.go#L172-L174", "creation_timestamp": "2025-04-16T14:56:29.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/571f8d7e-11e4-410c-8814-2124f37687c3/export</guid>
      <pubDate>Wed, 16 Apr 2025 14:56:29 +0000</pubDate>
    </item>
  </channel>
</rss>
