29 matches found
Malicious code in @immuta/feature-flags-core (npm)
Malicious package due to data exfiltration to a hardcoded IP, command execution --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5faa2e2b3afed77ff19adb0b231de0a6ecdd10f713507e643a56d3d5503b1e47 The package @immuta/feature-flags-core was found to contain malicious...
MAL-2026-1381 Malicious code in @immuta/feature-flags-core (npm)
Malicious package due to data exfiltration to a hardcoded IP, command execution --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5faa2e2b3afed77ff19adb0b231de0a6ecdd10f713507e643a56d3d5503b1e47 The package @immuta/feature-flags-core was found to contain malicious...
MAL-2026-1383 Malicious code in @immuta/pxl-components (npm)
Malicious package due to data exfiltration, arbitrary command execution, and suspicious install scripts targeting dependency confusion. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 03d86f67d7f931d0f720838a4bda33d56a54a5502b29ebe3e1094a984041b7a2 The package...
EUVD-2020-7922
Malware in sbrugna...
EUVD-2020-7920
Malware in sbrugna...
CVE-2020-15952
Immuta v2.8.2 is affected by stored XSS that allows a low-privileged user to escalate privileges to administrative permissions. Additionally, unauthenticated attackers can phish unauthenticated Immuta users to steal credentials or force actions on authenticated users through reflected, DOM-based...
CVE-2020-15949
Immuta v2.8.2 is affected by one instance of insecure permissions that can lead to user account takeover...
CVE-2020-15950
Immuta v2.8.2 is affected by improper session management: user sessions are not revoked upon logout...
Immuta Cross-Site Scripting Vulnerability
Immuta is a data management software solution for sharing and managing data. A cross-site scripting vulnerability exists in Immuta 2.8.2. An attacker can exploit the vulnerability to escalate to administrative privileges...
Immuta Session Mismanagement Vulnerability
Immuta is a data organizing platform for data analysis, developed by Immuta. A session mismanagement vulnerability exists in Immuta v2.8.2, in which logging out does not revoke the user's session. No details of the vulnerability are provided at this time...
CVE-2020-15952
Immuta v2.8.2 is affected by stored XSS that allows a low-privileged user to escalate privileges to administrative permissions. Additionally, unauthenticated attackers can phish unauthenticated Immuta users to steal credentials or force actions on authenticated users through reflected, DOM-based...
CVE-2020-15951
Immuta v2.8.2 accepts user-supplied project names without properly sanitizing the input, allowing attackers to inject arbitrary HTML content that is rendered as part of the application. An attacker could leverage this to redirect application users to a phishing website in an attempt to steal...
CVE-2020-15951
Immuta v2.8.2 accepts user-supplied project names without properly sanitizing the input, allowing attackers to inject arbitrary HTML content that is rendered as part of the application. An attacker could leverage this to redirect application users to a phishing website in an attempt to steal...
CVE-2020-15950
Immuta v2.8.2 is affected by improper session management: user sessions are not revoked upon logout...
CVE-2020-15950
Immuta v2.8.2 is affected by improper session management: user sessions are not revoked upon logout...
CVE-2020-15949
Immuta v2.8.2 is affected by one instance of insecure permissions that can lead to user account takeover...
CVE-2020-15949
Immuta v2.8.2 is affected by one instance of insecure permissions that can lead to user account takeover...
Information disclosure
Immuta v2.8.2 is affected by one instance of insecure permissions that can lead to user account takeover...
Design/Logic Flaw
Immuta v2.8.2 is affected by improper session management: user sessions are not revoked upon logout...
Cross site scripting
Immuta v2.8.2 is affected by stored XSS that allows a low-privileged user to escalate privileges to administrative permissions. Additionally, unauthenticated attackers can phish unauthenticated Immuta users to steal credentials or force actions on authenticated users through reflected, DOM-based...