345 matches found
CVE-2023-46234 browserify-sign vulnerable via an upper bound check issue in `dsaVerify` that leads to a signature forgery attack
browserify-sign is a package to duplicate the functionality of node's crypto public key functions; much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in the dsaVerify function allows an attacker to construct signatures that can be successfully verified by any...
browserify-sign Data Forgery Issue Vulnerability
browserify-sign is a package for replicating Node's crypto public key functions. A security vulnerability exists in browserify-sign, which stems from a faulty upper bound check in the dsaVerify function that allows an attacker to have a signature verify successfully with any public key, leading to a...
CVE-2023-46234
browserify-sign is a package to duplicate the functionality of node's crypto public key functions; much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in the dsaVerify function allows an attacker to construct signatures that can be successfully verified by any...
PT-2023-9034 · Unknown +5 · Browserify-Sign +5
Name of the Vulnerable Software and Affected Versions: browserify-sign versions prior to 4.2.2 Description: The issue is related to an upper bound check problem in the dsaVerify function, which allows an attacker to construct signatures that can be successfully verified by any public key. This...
Authentication Bypass
airtable is vulnerable to authentication bypass. The vulnerability exists because the AIRTABLE_API_KEY and AIRTABLE_ENDPOINT_URL environment variables are inserted during browserify builds, which allows an attacker to gain access to user accounts via authentication credentials...
CVE-2022-46155
Airtable.js is the JavaScript client for Airtable. Prior to version 0.11.6, Airtable.js had a misconfigured build script in its source package. When the build script is run, it would bundle environment variables into the build target of a transpiled bundle. Specifically, the AIRTABLE_API_KEY and...
PT-2022-27772 · Airtable · Airtable.Js
Name of the Vulnerable Software and Affected Versions: Airtable.js versions prior to 0.11.6 Description: The issue arises from a misconfigured build script in the Airtable.js source package, which bundles environment variables into the build target of a transpiled bundle. Specifically, the AIRTAB...
CVE-2022-46155 Airtable.js credentials exposed in browser builds
Airtable.js is the JavaScript client for Airtable. Prior to version 0.11.6, Airtable.js had a misconfigured build script in its source package. When the build script is run, it would bundle environment variables into the build target of a transpiled bundle. Specifically, the AIRTABLE_API_KEY and...
thlorenz browserify-shim vulnerable to prototype pollution
Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the shimPath variable in resolve-shims.js...
GHSA-CFGR-75JX-H88G thlorenz browserify-shim vulnerable to prototype pollution
Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the shimPath variable in resolve-shims.js...
CVE-2022-37623
Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the shimPath variable in resolve-shims.js...
CVE-2022-37623
Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the shimPath variable in resolve-shims.js...
Code injection
Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the shimPath variable in resolve-shims.js...
CVE-2022-37623
CVE-2022-37623 affects the browserify-shim project by a prototype-pollution vulnerability in the internal function resolveShims (resolve-shims.js) that is exploitable through the shimPath variable. The affected version is 3.8.15. CVSSv3.1/vectors listed in the initial document indicate a CRITICA...
CVE-2022-37623
Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the shimPath variable in resolve-shims.js...
browserify-shim security vulnerability
browserify-shim is a tool by the individual developer thlorenz for making CommonJS-incompatible files browserifyable. A security vulnerability exists in browserify-shim version 3.8.15, which originates from prototype pollution that an attacker can cause via the shimPath variable in the...
PT-2022-24033 · Npm · Browserify-Shim
Name of the Vulnerable Software and Affected Versions: browserify-shim version 3.8.15 Description: The issue is related to a prototype pollution vulnerability in the resolveShims function, located in the resolve-shims.js file. This vulnerability is exploitable via the shimPath variable in...
CVE-2022-37623
Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the shimPath variable in resolve-shims.js...
thlorenz browserify-shim vulnerable to prototype pollution
Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the fullPath variable in resolve-shims.js...
GHSA-R737-347M-WQC7 thlorenz browserify-shim vulnerable to prototype pollution
Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the fullPath variable in resolve-shims.js...