400 matches found
CVE-2024-36578
akbr update 1.0.0 is vulnerable to Prototype Pollution via update/index.js...
CVE-2024-36574
A Prototype Pollution issue in flatten-json 1.0.1 allows an attacker to execute arbitrary code via module.exports.unflattenJSON flatten-json/index.js:42...
Prototype Pollution
@bit/loader is vulnerable to Prototype Pollution. The vulnerability is due to missing proto property restrictions within the M function's e argument in index.js, which allows an attacker to execute arbitrary code...
GHSA-8VR4-H4RR-8PH6 MiguelCastillo @bit/loader Prototype Pollution issue
A Prototype Pollution issue in MiguelCastillo @bit/loader v.10.0.3 allows an attacker to execute arbitrary code via the M function e argument in index.js...
MiguelCastillo @bit/loader Prototype Pollution issue
A Prototype Pollution issue in MiguelCastillo @bit/loader v.10.0.3 allows an attacker to execute arbitrary code via the M function e argument in index.js...
CVE-2024-24293
A Prototype Pollution issue in MiguelCastillo @bit/loader v.10.0.3 allows an attacker to execute arbitrary code via the M function e argument in index.js...
CVE-2024-24293
CVE-2024-24293 affects MiguelCastillo @bit/loader (version 10.0.3). The root cause is a prototype pollution flaw in the M function’s e argument within index.js, enabling arbitrary code execution. Exploitation status is not detailed in the provided documents. Remediation guidance from PT-Security ...
bit-loader 安全漏洞
bit-loader is a framework for building module loaders by the individual developer Miguel Castillo. A security vulnerability exists in bit-loader-babel version v.10.0.3, which originated from a vulnerability that allows an attacker to execute arbitrary code via the M function e parameter in index....
CVE-2024-4067
A flaw was found in the NPM package micromatch where it is vulnerable to a regular expression denial of service ReDoS. The issue occurs in micromatch.braces in index.js because the pattern . will readily match anything. By passing a malicious payload, the pattern matching will keep backtracking t...
CVE-2024-4067
The NPM package micromatch prior to 4.0.8 is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability occurs in micromatch.braces in index.js because the pattern . will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the...
CVE-2024-4067
The NPM package micromatch prior to 4.0.8 is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability occurs in micromatch.braces in index.js because the pattern . will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the...
CVE-2024-4067 Regular Expression Denial of Service in micromatch
The NPM package micromatch prior to 4.0.8 is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability occurs in micromatch.braces in index.js because the pattern . will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the...
CVE-2024-4067
CVE-2024-4067 affects the NPM package micromatch prior to 4.0.8. The vulnerability is in micromatch.braces() in index.js, where the pattern .* can cause extreme backtracking (ReDoS) as input grows, leading to hangs or slowdowns. A fix was merged and the issue is noted as mitigated by upgrading to...
CVE-2024-4067 Regular Expression Denial of Service in micromatch
The NPM package micromatch prior to 4.0.8 is vulnerable to Regular Expression Denial of Service ReDoS. The vulnerability occurs in micromatch.braces in index.js because the pattern . will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the...
CVE-2024-29154
danielmiessler fabric through 1.3.0 allows installer/client/gui/static/js/index.js XSS because of innerHTML mishandling, such as in htmlToPlainText...
CVE-2023-50473
Cross-Site Scripting XSS vulnerability in bill-ahmed qbit-matUI version 1.16.4, allows remote attackers to obtain sensitive information via fixed session identifiers SID in index.js file...
CVE-2023-50473
Cross-Site Scripting XSS vulnerability in bill-ahmed qbit-matUI version 1.16.4, allows remote attackers to obtain sensitive information via fixed session identifiers SID in index.js file...
Cross site scripting
Cross-Site Scripting XSS vulnerability in bill-ahmed qbit-matUI version 1.16.4, allows remote attackers to obtain sensitive information via fixed session identifiers SID in index.js file...
CVE-2023-50473
Cross-Site Scripting XSS vulnerability in bill-ahmed qbit-matUI version 1.16.4, allows remote attackers to obtain sensitive information via fixed session identifiers SID in index.js file...
CVE-2023-50473
CVE-2023-50473 affects bill-ahmed qbit-matUI v1.16.4. The issue is a Cross-Site Scripting (XSS) vulnerability that allows remote attackers to obtain sensitive information via fixed session identifiers (SID) in the index.js file. Connected sources also indicate a remediation path: update to a newe...