7 matches found
EUVD-2022-7477
Malicious code in bioql PyPI...
@khoazero123/hummus-recipe (=2.0.1), @mauriciocc/hummus-recipe (=2.0.1-node-16) +5 more potentially affected by CVE-2022-41957 via muhammara (>=1.10.0 <=2.0.0)
muhammara NPM version =1.10.0, =2.0.0, =1.10.25, =1.0.0, =1.0.4 Source cves: CVE-2022-41957 Source advisory: OSV:GHSA-2R7V-CMCH-5X26...
CVE-2022-41957 muhammara vulnerable to Unchecked Return Value to NULL Pointer Dereference
Muhammara is a node module with c/cpp bindings to modify PDF with JavaScript for node or electron. The package muhammara before 2.6.2 and from 3.0.0 and before 3.3.0, as well as all versions of muhammara's predecessor package hummus, are vulnerable to Denial of Service DoS when supplied with a...
@khoazero123/hummus-recipe (=2.0.1), @mauriciocc/hummus-recipe (=2.0.1-node-16) +5 more potentially affected by CVE-2022-39381 via muhammara (>=1.10.0 <=2.0.0)
muhammara NPM version =1.10.0, =2.0.0, =1.10.25, =1.0.0, =1.0.4 Source cves: CVE-2022-39381 Source advisory: OSV:GHSA-RCRX-FPJP-MFRW...
@khoazero123/hummus-recipe (=2.0.1), @mauriciocc/hummus-recipe (=2.0.1-node-16) +5 more potentially affected by CVE-2022-25892 via muhammara (>=1.10.0 <=2.0.0)
muhammara NPM version =1.10.0, =2.0.0, =1.10.25, =1.0.0, =1.0.4 Source cves: CVE-2022-25892 Source advisory: OSV:GHSA-9CV5-4WQV-9W94...
@mauriciocc/hummus-recipe (=2.0.1-node-16) potentially affected by CVE-2022-25885 via muhammara (=2.0.0)
muhammara NPM version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on muhammara and may be impacted: - @mauriciocc/hummus-recipe =2.0.1-node-16 Source cves: CVE-2022-25885 Source advisory: SNYK:JS-MUHAMMARA-3091137...
Denial of Service (DoS)
Overview muhammara is a Create, read and modify PDF files and streams. A drop in replacement for hummusjs PDF library Affected versions of this package are vulnerable to Denial of Service DoS when supplied with a maliciously crafted PDF file to be parsed. PoC js var pdfReader =...