4403 matches found
Updated nodejs-yargs-parser packages fix security vulnerability
yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload (CVE-2020-7608)...
CVE-2021-21421
node-etsy-client is a NodeJs Etsy ReST API Client. Applications that are using node-etsy-client and reporting client errors to the end user will expose the API key value too. This is fixed in node-etsy-client v0.3.0 and later...
Code injection
node-etsy-client is a NodeJs Etsy ReST API Client. Applications that are using node-etsy-client and reporting client errors to the end user will expose the API key value too. This is fixed in node-etsy-client v0.3.0 and later...
CVE-2021-21421 ApiKey secret could be revealed on network issue
node-etsy-client is a NodeJs Etsy ReST API Client. Applications that are using node-etsy-client and reporting client errors to the end user will expose the API key value too. This is fixed in node-etsy-client v0.3.0 and later...
CVE-2021-21421
CVE-2021-21421 affects the node-etsy-client (Node.js Etsy REST API client). The issue is that applications reporting client errors to end users could leak the API key value in error output. The root cause is tied to how error information is exposed to end users. Mitigation is to upgrade to node-e...
CVE-2020-28469
A flaw was found in nodejs-glob-parent. The enclosure regex used to check for glob enclosures containing backslashes is vulnerable to Regular Expression Denial of Service attacks. This flaw allows an attacker to cause a denial of service if they can supply a malicious string to the glob-parent...
Photon OS 3.0: Nodejs PHSA-2021-3.0-0213
An update of the nodejs package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2021-3.0-0213. The text itself is copyright (C) VMware, Inc. include('compat.inc'); if (description) { script_id(148292); ...
Important Photon OS Security Update - PHSA-2021-3.0-0213
Updates of 'nodejs', 'subversion', 'glib' packages of Photon OS have been released...
Important Photon OS Security Update - PHSA-2021-0213
Updates of 'nodejs', 'subversion', 'glib' packages of Photon OS have been released...
CVE-2021-21413
isolated-vm is a library for nodejs which gives you access to v8's Isolate interface. Versions of isolated-vm before v4.0.0 have API pitfalls which may make it easy for implementers to expose supposedly secure isolates to the permissions of the main nodejs isolate. Reference objects allow access to...
Design/Logic Flaw
isolated-vm is a library for nodejs which gives you access to v8's Isolate interface. Versions of isolated-vm before v4.0.0 have API pitfalls which may make it easy for implementers to expose supposedly secure isolates to the permissions of the main nodejs isolate. Reference objects allow access to...
CVE-2021-21413
CVE-2021-21413 affects the isolated-vm library for Node.js prior to v4.0.0. The issue arises from API pitfalls where exposed Reference objects can reveal a reference to the nodejs context’s Function object and potentially the prototype chain, enabling attacks that could modify API objects or acce...
CVE-2021-28918
A flaw was found in nodejs-netmask. Octal input data may lead to a server-side request forgery, remote file inclusion, local file inclusion, and other vulnerabilities. The highest threat from this vulnerability is to data integrity...
isolated-vm security vulnerability
Marcel Laverdet isolated-vm is an open source library by Marcel Laverdet for nodejs with access to v8's Isolate interface. A security vulnerability exists in isolated-vm, which stems from an API flaw that can be exploited by an attacker to obtain references to function objects in a nodej...
CVE-2021-23358
A flaw was found in nodejs-underscore. Arbitrary code execution via the template function is possible, particularly when a variable property is passed as an argument as it is not sanitized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...
CVE-2017-16099
A flaw was found in nodejs-no-case, where the no-case module is vulnerable to a regular expression denial of service. This issue occurs when malicious untrusted user input is passed into no-case and blocks the event loop, resulting in a denial of service. The highest threat from this vulnerabilit...
nodejs-angular: XSS due to regex-based HTML replacement
An XSS flaw was found in nodejs-angular. The regex-based input HTML replacement may turn sanitized code into unsanitized code. Wrapping "" elements in "" ones changes parsing behavior, leading to possibly unsanitizing code...