2 matches found
MAL-2026-5596 Malicious code in 0x2ai-demo8x (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f6d1ce2d7b8faa5bde122eb2bc6e0a79fec5f5720cfa7de0718a0c8948b344d6 On npm install, scripts/postinstall.cjs copies the package's payload/ tree into INITCWD the consumer's project root using fs.cpSync,...
httparty Has Potential SSRF Vulnerability That Leads to API Key Leakage
Summary There may be an SSRF vulnerability in httparty. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. Details When httparty receives a path argument that is an absolute URL, it ignores the baseuri field. As a result, if ...