3 matches found
GHSA-32R3-57HP-CGFW EverShop at risk to unauthorized access via weak HMAC secret
An issue was discovered in NPM's package @evershop/evershop before version 1.0.0-rc.9. The HMAC secret used for generating tokens is hardcoded as "secret". A weak HMAC secret poses a risk because attackers can use the predictable secret to create valid JSON Web Tokens JWTs, allowing them access t...
GHSA-RRC9-GQF8-8RWG Prototype Pollution via file load in aws-sdk and @aws-sdk/shared-ini-file-loader
This affects the package @aws-sdk/shared-ini-file-loader before 1.0.0-rc.9; the package aws-sdk before 2.814.0. If an attacker submits a malicious INI file to an application that parses it with loadSharedConfigFiles , they will pollute the prototype on the application. This can be exploited furth...
Amazon Aws-sdk-js Security Vulnerability
Amazon Aws-sdk-js is a Javascript-based development kit for AWS service support for nodejs applications from Amazon.com, Inc. A security vulnerability exists in Amazon Aws-sdk-js before 1.0.0-rc.9, which can be exploited by an attacker to submit a malicious INI file to an application for further...