175 matches found
CVE-2022-25875 Cross-site Scripting (XSS)
The package svelte before 3.49.0 is vulnerable to Cross-site Scripting (XSS) due to improper input sanitization and to improper escape of attributes when using objects during SSR (Server-Side Rendering). Exploiting this vulnerability is possible via objects with a custom toString function...
CVE-2022-25875
The package svelte before 3.49.0 is vulnerable to Cross-site Scripting (XSS) due to improper input sanitization and to improper escape of attributes when using objects during SSR (Server-Side Rendering). Exploiting this vulnerability is possible via objects with a custom toString function...
svelte Cross-Site Scripting Vulnerability
svelte is a new way to build web applications open-sourced by Svelte. A security vulnerability exists in svelte versions prior to 3.49.0, which stems from improper input cleanup in the toString function...
Cross-site Scripting (XSS)
Overview: svelte is a package for building web applications. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization and to improper escape of attributes when using objects during SSR (Server-Side Rendering). Exploiting this vulnerability is...
GHSA-27MX-GCHC-6XJP Unhandled crash in npm posix
This affects all versions of package posix. When invoking the toString method, it will fall back to a 0x0 value, as the value of toString is not invokable (not a function), and then it will crash with type-check...
Unhandled crash in npm posix
This affects all versions of package posix. When invoking the toString method, it will fall back to a 0x0 value, as the value of toString is not invokable (not a function), and then it will crash with type-check...
CVE-2022-21211
This affects all versions of package posix. When invoking the toString method, it will fall back to a 0x0 value, as the value of toString is not invokable (not a function), and then it will crash with type-check...
Design/Logic Flaw
This affects all versions of package posix. When invoking the toString method, it will fall back to a 0x0 value, as the value of toString is not invokable (not a function), and then it will crash with type-check...
CVE-2022-21211
CVE-2022-21211 affects the npm package posix (all versions) and is caused by the toString method not being invokable, causing a crash (DoS) when the code falls back to a 0x0 value. The vulnerability has public discussion and proof-of-concept material (e.g., a Snyk overview with a PoC) and multipl...
CVE-2022-21211 Denial of Service (DoS)
This affects all versions of package posix. When invoking the toString method, it will fall back to a 0x0 value, as the value of toString is not invokable (not a function), and then it will crash with type-check...
CVE-2022-21211
This affects all versions of package posix. When invoking the toString method, it will fall back to a 0x0 value, as the value of toString is not invokable (not a function), and then it will crash with type-check...
posix Security Vulnerability
posix is a portable operating system interface. A security vulnerability exists in all versions of posix, which stems from a call to the toString method that falls back to the value 0x0 and can be exploited by an attacker to conduct a DoS attack...
GHSA-QFR3-323W-QV27 Possible information disclosure inside TreeGrid component with default data provider
Description: The default configuration of a TreeGrid component uses Object::toString as a key on the client-side and server communication in Vaadin 14.8.5 through 14.8.9, 22.0.6 through 22.0.14, 23.0.0.beta2 through 23.0.8 and 23.1.0.alpha1 through 23.1.0.alpha4, resulting in potential information...
GHSA-FX7F-RJQJ-52PJ Deserialization of Untrusted Data in Spring AMQP
In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring AMQP Message object, in its toString method, will deserialize a body for a message with content type application/x-java-serialized-object. It is possible to construct a malicious java.util.Dictionary object that can cause 100%...
CVE-2022-29567
The default configuration of a TreeGrid component uses Object::toString as a key on the client-side and server communication in Vaadin 14.8.5 through 14.8.9, 22.0.6 through 22.0.14, 23.0.0.beta2 through 23.0.8 and 23.1.0.alpha1 through 23.1.0.alpha4, resulting in potential information disclosure ...
Vaadin Flow Components Information Disclosure Vulnerability
Vaadin Flow Components is a Maven multi-module project that contains all Vaadin flow components. A security vulnerability exists in Vaadin Flow Components that stems from the default configuration of the TreeGrid component that uses Object::toString as the key for client-server communication in...
Possible information disclosure inside TreeGrid component with default data provider
The default configuration of a TreeGrid component uses Object::toString as a key on the client-side and server communication in Vaadin 14.8.5 through 14.8.9, 22.0.6 through 22.0.14, 23.0.0.beta2 through 23.0.8 and 23.1.0.alpha1 through 23.1.0.alpha4, resulting in potential information disclosure ...
GHSA-5HFP-964W-5VGM Improper Limitation of a Pathname to a Restricted Directory in Jenkins
A path traversal vulnerability exists in the Stapler web framework used by Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/org/kohsuke/stapler/Facet.java, groovy/src/main/java/org/kohsuke/stapler/jelly/groovy/GroovyFacet.java,...
GHSA-773H-W45W-F2F9 Denial of service vulnerability exists in libxmljs
libxmljs provides libxml bindings for the V8 JavaScript engine. This affects all versions of package libxmljs. When invoking the libxmljs.parseXml function with a non-buffer argument, the V8 code will attempt to invoke the .toString method of the argument. If the argument's toString value is not a...
CVE-2022-21227
A vulnerability was found in sqlite3. The flaw occurs due to a segmentation fault on an invalid toString object. Users experience a fatal error when supplying a specific object in the parameter array due to this issue...