2 matches found
AZL-50322 CVE-2024-48949 affecting package reaper for versions less than 3.1.1-13
The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits "sig.S.gtesig.eddsa.curve.n || sig.S.isNeg" validation...
AZL-49123 CVE-2024-43799 affecting package reaper for versions less than 3.1.1-13
Send is a library for streaming files from the file system as a http response. Send passes untrusted user input to SendStream.redirect which executes untrusted code. This issue is patched in send 0.19.0...