CVE-2025-47775

MEDIUM Year: 2025
CVSS v3 Score
6.2
Medium
Weakness Type
CWE-201
View all →

Vulnerability Description

Bullfrog is a GithHb Action to block unauthorized outbound traffic in GitHub workflows. Prior to version 0.8.4, using tcp breaks blocking and allows DNS exfiltration. This can result in sandbox bypass. Version 0.8.4 fixes the issue.

Related Vulnerabilities

CVE-2017-16026

MEDIUM
CVSS:5.9(Medium)

Request is an http client. If a request is made using ```multipart```, and the body type is a ```number```, then the specified number of non-zero memory is passed in the body. This affects Request >=2...

CWE-2012017

CVE-2017-2582

MEDIUM
CVSS:6.5(Medium)

It was found that while parsing the SAML messages the StaxParserUtil class of keycloak before 2.5.1 replaces special strings for obtaining attribute values with system property. This could allow an at...

CWE-2012017

CVE-2019-15580

MEDIUM
CVSS:6.5(Medium)

An information exposure vulnerability exists in gitlab.com <v12.3.2, <v12.2.6, and <v12.1.10 when using the blocking merge request feature, it was possible for an unauthenticated user to see the head ...

CWE-2012019

CVE-2020-27748

MEDIUM
CVSS:6.5(Medium)

A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderbi...

CWE-2012020

CVE-2022-0018

MEDIUM
CVSS:6.5(Medium)

An information exposure vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows and MacOS where the credentials of the local user account are sent to the GlobalProtect portal when ...

CWE-2012022

CVE-2022-27671

MEDIUM
CVSS:6.5(Medium)

A CSRF token visible in the URL may possibly lead to information disclosure vulnerability.

CWE-2012022