Lucene search
GoogleOSV:GHSA-9J49-MFVP-VMHMHistorySep 02, 2021 - 5:10 p.m.
Code Injection in pac-resolver
2021-09-0217:10:06
Google
osv.dev
10
0.004 Low
EPSS
Percentile
74.7%
This affects the package pac-resolver before 5.0.0. This can occur when used with untrusted input, due to unsafe PAC file handling. NOTE: The fix for this vulnerability is applied in the node-degenerator library, a dependency written by the same maintainer.
| CPE | Name | Operator | Version |
|---|---|---|---|
| pac-resolver | lt | 5.0.0 | |
| degenerator | lt | 3.0.1 |
References
github.com/TooTallNate
github.com/TooTallNate/node-degenerator/commit/9d25bb67d957bc2e5425fea7bf7a58b3fc64ff9e
github.com/TooTallNate/node-degenerator/commit/ccc3445354135398b6eb1a04c7d27c13b833f2d5
github.com/TooTallNate/node-pac-resolver/releases/tag/5.0.0
nvd.nist.gov/vuln/detail/CVE-2021-23406
snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1568506
snyk.io/vuln/SNYK-JS-PACRESOLVER-1564857
Related
redhatcve
redhatcve
CVE-2021-23406
2021-08-26 17:00:39
nodejs
nodejs
Code Injection
2021-09-20 18:55:08
osv
osv
CVE-2021-23406
2021-08-24 08:15:18
nvd
nvd
CVE-2021-23406
2021-08-24 08:15:18
cve
cve
CVE-2021-23406
2021-08-24 08:15:18
ibm
ibm
veracode
veracode
Remote Code Execution
2021-08-25 06:15:52
cvelist
cvelist
CVE-2021-23406 Remote Code Execution (RCE)
2021-08-24 00:00:00
prion
prion
Input validation
2021-08-24 08:15:00
github
github
Code Injection in pac-resolver
2021-09-02 17:10:06
thn
thn
Critical Bug Reported in NPM Package With Millions of Downloads Weekly
2021-09-13 13:48:00