43 matches found
UBUNTU-CVE-2026-56018
JavaScript::Minifier::XS versions before 0.16 for Perl leak memory on every call to minify, allowing unbounded memory growth. In JsMinify XS.xs the cleanup frees only the NodeSet structures and never the per-token contents buffers allocated in JsSetNodeContents; JsDiscardNode unlinks nodes withou...
ch.reportingsoft.birt:birt-runtime-bundle (>=4.19.0 <=4.20.0), cloud.wondrify:coffee-asset-pipeline (>=5.0.10 <=5.1.0-M4) +163 more potentially affected by CVE-2025-66453 via org.mozilla:rhino (=1.8.0)
org.mozilla:rhino MAVEN version =1.8.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.mozilla:rhino and may be impacted: - ch.reportingsoft.birt:birt-runtime-bundle =4.19.0, =5.0.10, =5.0.10, =5.0.10, =10.2.1, =8.0.0, =8.0.0, =5.0.6, =5.0.6, =5.0....
EUVD-2014-8872
Malware in sbrugna...
EUVD-2022-3922
Malicious code in bioql PyPI...
EUVD-2022-5517
Malicious code in bioql PyPI...
Malicious code in asset_pipeline (npm)
The package assetpipeline was found to contain malicious code...
Malicious code in asset-pipeline-yaml-combiner (npm)
The package asset-pipeline-yaml-combiner was found to contain malicious code...
MAL-2025-14941 Malicious code in asset-pipeline-yaml-combiner (npm)
The package asset-pipeline-yaml-combiner was found to contain malicious code...
MAL-2025-14944 Malicious code in asset_pipeline (npm)
The package assetpipeline was found to contain malicious code...
CVE-2018-1000817
Asset Pipeline Grails Plugin Asset-pipeline plugin version Prior to 2.14.1.1, 2.15.1 and 3.0.6 contains a Incorrect Access Control vulnerability in Applications deployed in Jetty that can result in Download .class files and any arbitrary file. This attack appear to be exploitable via Specially...
Malicious code in asset-pipeline (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in asset-pipeline_i18n (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-6701 Malicious code in asset-pipeline (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
Asset Pipeline plugin for Grails vulnerable to Path Traversal
An issue was discovered in the Asset Pipeline plugin before 3.0.4 for Grails. An attacker can perform directory traversal via a crafted request when a servlet-based application is executed in Jetty, because there is a classloader vulnerability that can allow a reverse file traversal route in...
GHSA-G7WM-22M6-5774 Asset Pipeline plugin for Grails vulnerable to Path Traversal
An issue was discovered in the Asset Pipeline plugin before 3.0.4 for Grails. An attacker can perform directory traversal via a crafted request when a servlet-based application is executed in Jetty, because there is a classloader vulnerability that can allow a reverse file traversal route in...
Asset Pipeline Grails Plugin vulnerable to Path Traversal
Asset Pipeline Grails Plugin Asset-pipeline plugin version Prior to 2.14.1.1, 2.15.1 and 3.0.6 contains a Incorrect Access Control vulnerability in Applications deployed in Jetty that can result in Download .class files and any arbitrary file. This attack appear to be exploitable via Specially...
GHSA-W73Q-MC9G-J56X Asset Pipeline Grails Plugin vulnerable to Path Traversal
Asset Pipeline Grails Plugin Asset-pipeline plugin version Prior to 2.14.1.1, 2.15.1 and 3.0.6 contains a Incorrect Access Control vulnerability in Applications deployed in Jetty that can result in Download .class files and any arbitrary file. This attack appear to be exploitable via Specially...
Prototype Pollution
Overview lodash-rails is a lodash for the Rails asset pipeline. Affected versions of this package are vulnerable to Prototype Pollution. The function zipObjectDeep can be tricked into adding or modifying properties of the Object prototype. These properties will be present on all objects. PoC js...
Malicious Package
Overview asset-pipelinei18n is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using...
com.bertramlabs.plugins:ratpack-asset-pipeline (>=2.2.7 <=4.3.0), com.bytekast.serverless-local-apigateway:com.bytekast.serverless-local-apigateway.gradle.plugin (>=0.4 <=0.5) +88 more potentially affected by CVE-2019-10770 via io.ratpack:ratpack-core (>=0.9.0 <=1.7.5)
io.ratpack:ratpack-core MAVEN version =0.9.0, =2.2.7, =0.4, =0.0.1, =0.0.1, =0.0.2, =1.0.0, =1.2, =1.2, =1.3, =1.1, =1.1, =1.5, =1.1, =1.8 and more Source cves: CVE-2019-10770 Source advisory: OSV:GHSA-R2WF-Q3X4-HRV9...