Node.js st module Directory Traversal
A directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e encoded dot dot in an unspecified path. id: CVE-2014-3744 info: name: Node.js st module Directory Traversal author: geeknik severity: high description: A...
Command Injection in wxchangba
All versions of wxchangba are vulnerable to Command Injection. The package does not validate user input on the reqPostMaterial function, passing contents of the file parameter to an exec call. This may allow attackers to run arbitrary commands in the system. Recommendation No fix is currently...
GHSA-8MGG-5X65-M4M4 Command Injection in soletta-dev-app
All versions of soletta-dev-app are vulnerable to Command Injection. The package does not validate user input on the /api/service/status API endpoint, passing contents of the service query parameter to an exec call. This may allow attackers to run arbitrary commands in the system. Recommendation ...
Path Traversal in public
All versions of public are vulnerable to Path Traversal. This vulnerability allows an attacker to access files outside the webroot since it allows symlink navigation in the URL. Recommendation No fix is currently available. Do not use public in production or consider using an alternative module...
GHSA-QJFH-XC44-RM9X Path Traversal in file-static-server
All versions of file-static-server are vulnerable to Path Traversal. Due to insufficient input sanitization in URLs, attackers can access server files by using relative paths when fetching files. Recommendation No fix is currently available. Consider using an alternative module until a fix is mad...
GHSA-65M9-M259-7JQW Improper Authorization in react-oauth-flow
All versions of react-oauth-flow fail to properly implement the OAuth protocol. The package stores secrets in the front-end code. Instead of using a public OAuth client, it uses a confidential client on the browser. This may allow attackers to compromise server credentials. Recommendation No fix ...
Command Injection in expressfs
All versions of expressfs are vulnerable to Command Injection. The package does not validate user input on several API endpoints, allowing attackers to run arbitrary commands in the system. The affected endpoints are: expressfs.appendFile, expressfs.cp, expressfs.create and expressfs.rmdir...
GHSA-G7MW-5CQ6-FV82 Cross-Site Scripting in wangeditor
All versions of wangeditor are vulnerable to Cross-Site Scripting. The package fails to properly encode output, allowing arbitrary JavaScript to be inserted in links and executed by browsers. Recommendation No fix is currently available. Consider using an alternative module until a fix is made...
GHSA-RFFP-MC78-WJF7 Command Injection in cocos-utils
All versions of cocos-utils are vulnerable to Remote Code Execution. The unzip function concatenates user input to exec which may allow attackers to execute arbitrary commands on the server. Recommendation No fix is currently available. Consider using an alternative module until a fix is made...
GHSA-9PR3-7449-977R Cross-Site Scripting in express-cart
All versions of harp are vulnerable to Cross-Site Scripting. In the admin page it is possible to inject arbitrary JavaScript as a new product option, allowing attackers to execute arbitrary code. This is limited to the admin page and does not affect other pages. Recommendation No fix is currently...
Cross-Site Scripting in harp
Withdrawn This advisory has been withdrawn per request from the maintainer. Given harp is a static webserver, an XSS type of vulnerability is not appropriate. Original advisory description All versions of harp are vulnerable to Cross-Site Scripting. Due to misconfiguration of its rendering engine,...
Prototype Pollution in smart-extend
All versions of smart-extend are vulnerable to Prototype Pollution. The deep function allows attackers to modify the prototype of Object causing the addition or modification of an existing property that will exist on all objects. Recommendation No fix is currently available. Consider using an...
GHSA-WQHW-FRPX-5MMP Command Injection in tomato
All versions of tomato are vulnerable to Command Injection. The /api/exec endpoint does not validate user input allowing attackers to run arbitrary commands in the system. Recommendation No fix is currently available. Consider using an alternative module until a fix is made available...
Sandbox Breakout / Arbitrary Code Execution in sandbox
All versions of sandbox through 0.8.2 are vulnerable to Sandbox Escape leading to Remote Code Execution. Due to insufficient input sanitization it is possible to escape the sandbox using constructors. Proof of concept var Sandbox = require("sandbox"); s = new Sandbox(); code = new Function("return...
Cross-Site Scripting in semantic-ui-search
All versions of semantic-ui-search are vulnerable to Cross-Site Scripting. Lack of output encoding on the selection dropdowns can lead to user input being executed instead of printed as text. Recommendation No fix is currently available. Consider using an alternative module until a fix is made...