Skip to main content

Bazel

2 CVEs product

Monthly

CVE-2022-3474 MEDIUM This Month

A bad credential handling in the remote assets API for Bazel versions prior to 5.3.2 and 4.2.3 sends all user-provided credentials instead of only the required ones for the requests. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Bazel
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.2%
CVE-2021-22539 HIGH This Week

An attacker can place a crafted JSON config file into the project folder pointing to a custom executable. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bazel
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
EPSS 0% CVSS 5.1
MEDIUM This Month

A bad credential handling in the remote assets API for Bazel versions prior to 5.3.2 and 4.2.3 sends all user-provided credentials instead of only the required ones for the requests. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Bazel
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH This Week

An attacker can place a crafted JSON config file into the project folder pointing to a custom executable. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bazel
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy