[bounty] GitHub to GitLab RCE and a new PHP Supply Chain Attack episode artwork

EPISODE · Oct 18, 2022 · 25 MIN

[bounty] GitHub to GitLab RCE and a new PHP Supply Chain Attack

from Day[0] · host dayzerosec

This week we look at a insecure deserialization (GitLab), argument injection (Packagist), and insecure string interpolation (Apache Commons Text) Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/159.html [00:00:00] Introduction [00:01:01] New reward system to accelerate learning and growth on Detectify [00:04:33] RCE via github import [00:11:27] Securing Developer Tools: A New Supply Chain Attack on PHP [00:17:32] FortiOS, FortiProxy, and FortiSwitchManager Authentication Bypass Technical Deep Dive [CVE-2022-40684] [00:23:08] Apache Commons Text Interpolation leading to potential RCE [CVE-2022-42889]

Episode metadata supplied by the publisher feed · Published Oct 18, 2022

This week we look at a insecure deserialization (GitLab), argument injection (Packagist), and insecure string interpolation (Apache Commons Text) Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/159.html [00:00:00] Introduction [00:01:01] New reward system to accelerate learning and growth on Detectify [00:04:33] RCE via github import [00:11:27] Securing Developer Tools: A New Supply Chain Attack on PHP [00:17:32] FortiOS, FortiProxy, and FortiSwitchManager Authentication Bypass Technical Deep Dive [CVE-2022-40684] [00:23:08] Apache Commons Text Interpolation leading to potential RCE [CVE-2022-42889]

PodParley-generated summary based on available episode metadata and transcript content.

NOW PLAYING

[bounty] GitHub to GitLab RCE and a new PHP Supply Chain Attack

0:00 25:37

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Frequently Asked Questions

How long is this episode of Day[0]?

This episode is 25 minutes long.

When was this Day[0] episode published?

This episode was published on October 18, 2022.

What is this episode about?

This week we look at a insecure deserialization (GitLab), argument injection (Packagist), and insecure string interpolation (Apache Commons Text) Links and vulnerability summaries for this episode are available at:...

Can I download this Day[0] episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!