5 matches found
CVE-2026-JBrowse-Injection
CVE-2026-XXXXX: JBrowse Configuration Injection via URL Parame...
@jbrowse/core (>=1.4.0 <=1.7.3), @persistr/js (>=3.6.3 <=3.14.0) +5 more potentially affected by unknown CVE via tenacious-fetch (=2.3.1)
tenacious-fetch NPM version =2.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on tenacious-fetch and may be impacted: - @jbrowse/core =1.4.0, =3.6.3, =1.0.5, =1.0.0, =1.2.0 Source cves: unknown CVE Source advisory: SNYK:JS-TENACIOUSFETCH-14103737...
Malicious code in jbrowse (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 718122d6ef307a963a9df00b5272528ab1af438eb21e93463a4fec2fb65e70ad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-1367 Malicious code in jbrowse (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 718122d6ef307a963a9df00b5272528ab1af438eb21e93463a4fec2fb65e70ad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
The vulnerability of the JBrowse browser, which allows for unlimited downloading of files of a malicious nature, enables attackers to execute arbitrary code.
The vulnerability of the JBrowse browser is related to the unlimited downloading of files of a malicious nature. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...