36 matches found
Aurelia-Path < 1.1.7 - Prototype Pollution
Aurelia-path before 1.1.7 contains a prototype pollution vulnerability caused by parsing malicious URL parameters, letting attackers modify Object.prototype; exploitation requires the application to parse user-controlled URLs. id: CVE-2021-41097 info: name: Aurelia-Path 1.1.7 - Prototype Pollution author: 0xAkoko...
CVE-2021-41097
aurelia-path is part of the Aurelia platform and contains utilities for path manipulation. There is a prototype pollution vulnerability in aurelia-path before version 1.1.7. The vulnerability exposes Aurelia applications that use the aurelia-path package to parse a string. The majority of this will b...
EUVD-2021-1962
Malware in sbrugna...
EUVD-2022-1094
Malicious code in bioql PyPI...
Malicious code in aurelia-tables (npm)
The package aurelia-tables was found to contain malicious code...
MAL-2025-15045 Malicious code in aurelia-tables (npm)
The package aurelia-tables was found to contain malicious code...
MAL-2025-4955 Malicious code in typescript-aurelia-api (npm)
The package communicates with a domain associated with malicious activity. Source: ghsa-malware 5f456bd00aefe5bb2b77b87defb41f72c059fe860d67b0fd0dfdfc98baebb11a. Any computer that has this package installed or running should be considered...
Malicious code in typescript-aurelia-api (npm)
The package communicates with a domain associated with malicious activity. Source: ghsa-malware 5f456bd00aefe5bb2b77b87defb41f72c059fe860d67b0fd0dfdfc98baebb11a. Any computer that has this package installed or running should be considered...
CVE-2019-10062
The HTMLSanitizer class in html-sanitizer.ts in all released versions of the Aurelia framework 1.x repository is vulnerable to XSS. The sanitizer only attempts to filter SCRIPT elements, which makes it feasible for remote attackers to conduct XSS attacks via for example JavaScript code in an...
hotel-aurelia.com Improper Access Control vulnerability OBB-3801397
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
aurelia-holding.de Cross Site Scripting vulnerability OBB-2708876
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Cross-site Scripting in aurelia-framework
The HTMLSanitizer class in html-sanitizer.ts in all released versions of the Aurelia framework 1.x repository is vulnerable to XSS. The sanitizer only attempts to filter SCRIPT elements, which makes it feasible for remote attackers to conduct XSS attacks via for example JavaScript code in an...
@dolittle/node-red (>=2.0.0 <=2.2.5), @dolittle/node-red-infor-m3 (>=2.0.1 <=2.1.5) +50 more potentially affected by CVE-2019-10062 via aurelia-framework (>=1.0.0 <=1.3.1)
aurelia-framework NPM version =1.0.0, =2.0.0, =2.0.1, =1.2.1, =1.0.0, =0.1.9, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.11 and more Source cves: CVE-2019-10062 Source advisory: OSV:GHSA-M6J2-V3GQ-45R5...
GHSA-M6J2-V3GQ-45R5 Cross-site Scripting in aurelia-framework
The HTMLSanitizer class in html-sanitizer.ts in all released versions of the Aurelia framework 1.x repository is vulnerable to XSS. The sanitizer only attempts to filter SCRIPT elements, which makes it feasible for remote attackers to conduct XSS attacks via for example JavaScript code in an...
aurelia path code injection vulnerability
aurelia path is part of the aurelia platform and contains utilities for path operations. A code injection vulnerability exists in aurelia path that exposes Aurelia applications that use the aurelia-path package to parse strings. No detailed vulnerability details are provided at this time...
Prototype Pollution
aurelia-path is vulnerable to prototype pollution. An attacker is able to modify object class Object by tricking an application to parse the following URL: https://aurelia.io/blog/?protoasdf=asdf...
GHSA-3C9C-2P65-QVWV Prototype pollution in aurelia-path
Impact: The vulnerability exposes Aurelia applications that use the aurelia-path package to parse a string. The majority of these will be Aurelia applications that employ the aurelia-router package. For example, this could allow an attacker to change the prototype of the base object class Object by tricki...
aurelia-sails-socket-client (=0.10.0) potentially affected by CVE-2021-41097 via aurelia-path (=1.0.0-beta.1)
aurelia-path NPM version =1.0.0-beta.1 is affected by a known vulnerability. The following packages have a transitive dependency on aurelia-path and may be impacted: - aurelia-sails-socket-client =0.10.0 Source cves: CVE-2021-41097 Source advisory: OSV:GHSA-3C9C-2P65-QVWV...
Prototype pollution in aurelia-path
Impact: The vulnerability exposes Aurelia applications that use the aurelia-path package to parse a string. The majority of these will be Aurelia applications that employ the aurelia-router package. For example, this could allow an attacker to change the prototype of the base object class Object by tricki...
CVE-2021-41097
aurelia-path is part of the Aurelia platform and contains utilities for path manipulation. There is a prototype pollution vulnerability in aurelia-path before version 1.1.7. The vulnerability exposes Aurelia applications that use the aurelia-path package to parse a string. The majority of this will b...