6 matches found
Malicious code in @checkbox-technology-pty-ltd/custom-block-kit (npm)
The package communicates with a domain associated with malicious activity. Source: ossf-package-analysis (ba31877b88dff4452a6868ad1ecebb0757a820bf7bf3cb5b52205da653a20624). The OpenSSF Package Analysis project identified...
Slack Morphism Information Disclosure Vulnerability
Slack Morphism is a modern asynchronous client library for Rust that supports Slack Web, Events API, Socket Mode, and Block Kit. Versions prior to Slack Morphism 1.3.2 have an information disclosure vulnerability that stems from insufficient protection of sensitive information in the application,...
Information disclosure
Slack Morphism is a modern client library for Slack Web/Events API/Socket Mode and Block Kit. Debug logs expose sensitive URLs for Slack webhooks that contain private information. The problem is fixed in version 1.3.2 which redacts sensitive URLs for webhooks. As a workaround, people who use Slac...
CVE-2022-39292
CVE-2022-39292 affects Slack Morphism, a Rust client library for Slack Web/Events API/Socket Mode and Block Kit. Vulnerability: debug logs can disclose sensitive webhook URLs containing private information. The issue is mitigated by upgrading to version 1.3.2, which redacts sensitive webhook URLs...
Code injection
jsx-slack is a library for building JSON objects for Slack Block Kit surfaces from JSX. In versions prior to 4.5.1, users are vulnerable to a regular expression denial-of-service (ReDoS) attack. If an attacker can put a lot of JSX elements into tag, an internal regular expression for escaping character...
CVE-2021-43838 Regular Expression Denial of Service (ReDoS) in jsx-slack
jsx-slack is a library for building JSON objects for Slack Block Kit surfaces from JSX. In versions prior to 4.5.1, users are vulnerable to a regular expression denial-of-service (ReDoS) attack. If an attacker can put a lot of JSX elements into tag, an internal regular expression for escaping character...