5 matches found
MAL-2022-851 Malicious code in additional-properties (npm)
Source: ghsa-malware 76a44ce34d1ad24320b0c2a981a6691a1d0c55ecd04f7d7fd24dd29ae86f8df4. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in additional-properties (npm)
Source: ghsa-malware 76a44ce34d1ad24320b0c2a981a6691a1d0c55ecd04f7d7fd24dd29ae86f8df4. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CSS injection with width and height options
Chartkick is vulnerable to CSS injection if user input is passed to the width or height option. An attacker can set additional CSS properties, like:...
CVE-2019-10790
taffydb npm module, vulnerable in all versions up to and including 2.7.3, allows attackers to forge adding additional properties into user-input processed by taffy which can allow access to any data items in the DB. taffy sets an internal index for each data item in its DB. However, it is found...
CVE-2019-10790
CVE-2019-10790 concerns the taffydb package (taffydb/taffydb.html) where versions up to 2.7.3 are affected. The issue, as described across multiple sources in the connected documents, is that an attacker can forge the internal index used per data item by injecting extra properties into user input. I...