Lucene search

146 matches found

Github Security Blog, added 2020/12/04 8:04 p.m., 36 views

Cross-Site Scripting bypass in html-purify

All versions of html-purify are vulnerable to cross-site scripting. The data attribute inside of object tags is not properly sanitized and allows javascript URIs leading to code execution. No fix is currently available. Consider using an alternative package until a fix is made available...

AI score 4.6
Exploits: 0 | References: 2 | Affected Software: 1
Node.js, added 2020/12/04 5:44 p.m., 38 views

Cross-Site Scripting bypass

Overview: All versions of html-purify are vulnerable to cross-site scripting. The data attribute inside of object tags is not properly sanitized and allows javascript URIs leading to code execution. Recommendation: No fix is currently available. Consider using an alternative package until a fix is...

AI score 6.6
Exploits: 0 | Affected Software: 1
Node.js, added 2020/10/08 9:39 p.m., 54 views

Command Injection

Overview: Insufficient input validation in npm package jison <= 0.4.18 may lead to OS command injection attacks. Recommendation: No fix is currently available. Consider using an alternative package until a fix is made available. References: https://github.com/advisories/GHSA-vr9x-mm65-2438...

CVSS 10 | AI score 2.3 | EPSS 0.05601
Exploits: 1 | Affected Software: 1
Github Security Blog, added 2020/10/02 3:39 p.m., 24 views

File restriction bypass in socket.io-file

All versions of socket.io-file are vulnerable to a file restriction bypass. The validation for valid file types only happens on the client-side, which allows an attacker to intercept the Websocket request post-validation and alter the name value to upload any file types. No fix is currently...

CVSS 7.8 | AI score 3.4 | EPSS 0.00654
Exploits: 0 | References: 4 | Affected Software: 1
OSV, added 2020/10/02 3:39 p.m., 0 views

GHSA-6495-8JVH-F28X File restriction bypass in socket.io-file

All versions of socket.io-file are vulnerable to a file restriction bypass. The validation for valid file types only happens on the client-side, which allows an attacker to intercept the Websocket request post-validation and alter the name value to upload any file types. No fix is currently...

CVSS 7.8 | AI score 5.9 | EPSS 0.00654
Exploits: 0 | References: 3
Node.js, added 2020/10/02 3:35 p.m., 39 views

File restriction bypass in socket.io-file

Overview: All versions of socket.io-file are vulnerable to a file restriction bypass. The validation for valid file types only happens on the client-side, which allows an attacker to intercept the Websocket request post-validation and alter the name value to upload any file types. Recommendation: No...

AI score 6.9
Exploits: 0 | Affected Software: 1
Github Security Blog, added 2020/09/11 9:24 p.m., 28 views

SQL Injection in untitled-model

All versions of untitled-model are vulnerable to SQL Injection. Query parameters are not properly sanitized, allowing attackers to inject SQL statements and execute arbitrary SQL queries. Recommendation: No fix is currently available. Consider using an alternative package until a fix is made availab...

AI score 6.7
Exploits: 0 | References: 3 | Affected Software: 1
Github Security Blog, added 2020/09/11 9:13 p.m., 32 views

SQL Injection in resquel

All versions of resquel are vulnerable to SQL Injection. Query parameters are not properly sanitized, allowing attackers to inject SQL statements and execute arbitrary SQL queries. Recommendation: No fix is currently available. Consider using an alternative package until a fix is made available...

AI score 6.8
Exploits: 0 | References: 2 | Affected Software: 1
Github Security Blog, added 2020/09/04 5:55 p.m., 146 views

Cross-Site Scripting in markdown-it-katex

All versions of markdown-it-katex are vulnerable to Cross-Site Scripting (XSS). The package fails to properly escape error messages, which may allow attackers to execute arbitrary JavaScript in a victim's browser by triggering an error. Recommendation: No fix is currently available. Consider using a...

AI score 5.3
Exploits: 0 | References: 3 | Affected Software: 1
OSV, added 2020/09/04 5:54 p.m., 10 views

GHSA-RJVJ-673Q-4HFW Command Injection in traceroute

All versions of traceroute are vulnerable to Command Injection. The package fails to sanitize input and passes it directly to an exec call, which may allow attackers to execute arbitrary code in the system. The trace function is vulnerable and can be abused if the host value is controlled by an...

AI score 8
Exploits: 0 | References: 3
Github Security Blog, added 2020/09/04 5:54 p.m., 51 views

Command Injection in traceroute

All versions of traceroute are vulnerable to Command Injection. The package fails to sanitize input and passes it directly to an exec call, which may allow attackers to execute arbitrary code in the system. The trace function is vulnerable and can be abused if the host value is controlled by an...

AI score 5.7
Exploits: 0 | References: 4 | Affected Software: 1
Github Security Blog, added 2020/09/04 5:37 p.m., 30 views

Insufficient Entropy in parsel

All versions of parsel use an insecure key derivation function. The package runs keys of arbitrary lengths through one round of SHA256 hashing for key stretching. This allows for the use of keys of insufficient entropy with inappropriate key stretching. Recommendation: The package is deprecated an...

AI score 4.1
Exploits: 0 | References: 2 | Affected Software: 1
OSV, added 2020/09/04 5:36 p.m., 12 views

GHSA-WQGX-4Q47-J2W5 Insecure Cryptography Algorithm in parsel

All versions of parsel use an insecure cryptography algorithm. The package uses aes-256-cbc without integrity checks, which renders the ciphertext vulnerable to bit-flipping attacks. Recommendation: The package is deprecated and will not be updated. Consider using an alternative package...

AI score 7
Exploits: 0 | References: 1
OSV, added 2020/09/04 5:32 p.m., 10 views

GHSA-49MG-94FC-2FX6 Command Injection in npm-git-publish

All versions of npm-git-publish are vulnerable to Command Injection. The package fails to sanitize input and passes it directly to an execSync call, which may allow attackers to execute arbitrary code in the system. The publish function is vulnerable through the gitRemoteUrl variable...

AI score 8
Exploits: 0 | References: 2
Github Security Blog, added 2020/09/04 5:26 p.m., 25 views

Command Injection in giting

All versions of giting are vulnerable to Command Injection. The package fails to sanitize input and passes it directly to an exec call, which may allow attackers to execute arbitrary code in the system. The pull function is vulnerable through the branch variable. Recommendation: No fix is current...

AI score 6.8
Exploits: 0 | References: 2 | Affected Software: 1
Github Security Blog, added 2020/09/04 5:23 p.m., 28 views

Improper Authorization in passport-cognito

All versions of passport-cognito are vulnerable to Improper Authorization. The package fails to properly scope the variables containing authorization information, such as access token, refresh token and ID token. This causes a race condition where simultaneous authenticated users may receive...

AI score 3.7
Exploits: 0 | References: 3 | Affected Software: 1
OSV, added 2020/09/04 5:20 p.m., 6 views

GHSA-65XX-C85X-WG76 Command Injection in plotter

All versions of plotter are vulnerable to Command Injection. The package fails to sanitize plot titles, which may allow attackers to execute arbitrary code in the system if the title value is supplied by a user. The following proof-of-concept creates a testing file in the current directory: var...

AI score 8
Exploits: 0 | References: 1
Github Security Blog, added 2020/09/04 3:22 p.m., 23 views

Sandbox Breakout / Arbitrary Code Execution in localeval

All versions of localeval are vulnerable to Sandbox Escape leading to Remote Code Execution. The package fails to restrict access to the main context through constructor.constructor. This may allow attackers to execute arbitrary code in the system. Evaluating the payload...

AI score 5.6
Exploits: 0 | References: 4 | Affected Software: 1
Github Security Blog, added 2020/09/04 3:16 p.m., 24 views

Prototype Pollution in safe-object2

All versions of safe-object2 are vulnerable to prototype pollution. The setter function does not restrict the modification of an Object's prototype, which may allow an attacker to add or modify an existing property that will exist on all objects. Recommendation: No fix is currently available...

AI score 5.5
Exploits: 0 | References: 2 | Affected Software: 1
Github Security Blog, added 2020/09/04 3:15 p.m., 19 views

Prototype Pollution in getsetdeep

All versions of getsetdeep are vulnerable to prototype pollution. The setDeep function does not restrict the modification of an Object's prototype, which may allow an attacker to add or modify an existing property that will exist on all objects. Recommendation: No fix is currently available...

AI score 4.5
Exploits: 0 | References: 2 | Affected Software: 1