3 matches found
MAL-2026-4596 Malicious code in koishi-plugin-yuan (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ca3069b86d0de573768e010f6ee414d10454b7aa241d17bfa056ca2d7665e533 koishi-plugin-yuan exposes an HTTP endpoint /api/bind-cookie that accepts Bilibili user cookies including SESSDATA and bilijct and forwards them via...
Google TensorFlow code issue vulnerability (CNVD-2020-54781)
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A security vulnerability exists in Tensorflow versions prior to 2.2.1, and in version 2.3.1, which stems from the pybind11 bonding code that assumes that the arguments are tensors, which can be...
Google Chrome 72.0.3626.81 - V8TrustedTypePolicyOptions::ToImpl Type Confusion
Google Chrome 72.0.3626.81 - V8TrustedTypePolicyOptions::ToImpl Type Confusion VULNERABILITY DETAILS The binding code generator doesn't add checks to ensure that the callback properties of a dictionary are indeed JS functions. For example, for the the TrustedTypePolicyOptions dictionary:...