dot-querystring security vulnerability
dot-querystring is a dot-notation library for Node query strings by the individual developer Naoya Tsutsumi. A security vulnerability exists in dot-querystring version v0.2.0, stemming from a prototype pollution flaw in the lib.parse function...
Vulnerability in the node-tar module of the Node.js library, allowing an attacker to cause a denial of service.
The vulnerability in the node-tar module of the Node.js library is related to uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause a denial of service...
PT-2024-40080 · Php-Jwt +4
Name of the vulnerable software and affected versions: node-jsonwebtoken (affected versions not specified), pyjwt (affected versions not specified), namshi/jose (affected versions not specified), php-jwt (affected versions not specified), jsjwt (affected versions not specified). Description: The issue affects...
USN-6086-1 node-minimatch vulnerability
It was discovered that minimatch incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service...
MAL-2023-760 Malicious code in santander-portal-node-library (npm)
Source: ghsa-malware 7d1fb57cea3e1f21e52c22b2fb33191996e04c3aef96c7b9cf1fc6184b6d0883. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-30846 typed-rest-client vulnerable to potential leak of authentication data to 3rd parties
typed-rest-client is a library for Node REST and HTTP clients with typings for use with TypeScript. Users of the typed-rest-client library version 1.7.3 or lower are vulnerable to leaking authentication data to third parties. The flow of the vulnerability is as follows: First, send any request with...
USN-5999-1 node-trim-newlines vulnerability
It was discovered that trim-newlines incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. CVE-2021-33623...
Researchers Detail Critical RCE Flaw Reported in Popular vm2 JavaScript Sandbox
A now-patched security flaw in the vm2 JavaScript sandbox module could be abused by a remote adversary to break out of security barriers and perform arbitrary operations on the underlying machine. "A threat actor can bypass the sandbox protections to gain remote code execution rights on the host...
GHSA-WF5X-CR3R-XR77 vm2 before 3.6.11 vulnerable to sandbox escape
This affects the package vm2 before 3.6.11. It is possible to trigger a RangeError exception from the host rather than the "sandboxed" context by reaching the stack call limit with an infinite recursion. The returned object is then used to reference the mainModule property of the host code runnin...
MAL-2022-3778 Malicious code in idp-shared-node-library (npm)
Source: ghsa-malware 924985792a90f0e9ebc02fb735718e78effffb1d34a5862e84d55ba9189fbeab. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
1405-authtokens (>=1.0.1 <=1.0.5), 1405_logging (=1.0.0) +7529 more potentially affected by CVE-2021-43138 via async (>=2.0.0 <=2.6.3)
async (npm) versions =2.0.0, =1.0.1, =2.3.0, =1.0.7, =0.0.1, =0.0.2, =0.0.2, =0.3.0, =0.4.0, =1.2.2; @36node/template-service =0.3.5 and more. Source CVEs: CVE-2021-43138. Source advisory: OSV:GHSA-FWR7-V2MV-HH25...
USN-5098-1 node-bl vulnerability
It was discovered that bl didn't properly sanitize the inputs. An attacker could use this to leak sensitive information...
02-sms-async (=1.0.0), 10tcl (=0.0.1) +8854 more potentially affected by CVE-2020-7610 via bson (>=0.0.4 <=1.1.1)
bson (npm) versions =0.0.4, =1.0.1, =1.0.7, =0.0.1, =0.0.2, =0.3.0, =0.1.4, =0.0.1, =0.1.0, =1.0.0 and more. Source CVEs: CVE-2020-7610. Source advisory: OSV:GHSA-V8W9-2789-6HHR...
USN-4783-1 node-minimatch vulnerability
It was discovered that minimatch did not perform necessary bounds checking on regular expressions. An attacker could use this vulnerability to cause a denial of service...
CVE-2020-7753
All versions of the package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim...
CVE-2020-15123 Command injection in codecov (npm package)
In the codecov npm package before version 3.7.1, the upload method has a command injection vulnerability. Clients of the codecov-node library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. A similar CVE, CVE-2020-7597 (GHSA-5q88-cjfq-g2mh), was...
Vulnerability in the extractDir function of the Adm-zip Node.js library for working with zip files, allowing an attacker to execute arbitrary code.
The vulnerability in the extractDir function of the Adm-zip Node.js library for working with zip files stems from improper limitation of a pathname to a restricted directory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using a specially...