20 matches found
EUVD-2019-0302
Malware in sbrugna...
EUVD-2021-1134
Malware in sbrugna...
EUVD-2019-0349
Malware in sbrugna...
CVE-2020-7603
closure-compiler-stream through 0.1.15 allows execution of arbitrary commands. The argument "options" of the exports function in "index.js" can be controlled by users without any sanitization...
OS Command Injection in closure-compiler-stream
closure-compiler-stream through 0.1.15 allows execution of arbitrary commands. The argument options of the exports function in index.js can be controlled by users without any sanitization...
GHSA-M647-5WF9-3JP3 OS Command Injection in closure-compiler-stream
closure-compiler-stream through 0.1.15 allows execution of arbitrary commands. The argument options of the exports function in index.js can be controlled by users without any sanitization...
OS Command Injection
closure-compiler-stream is vulnerable to OS command injection. The args options are passed to the exec function without any validation and sanitization, allowing an attacker to inject and execute arbitrary OS commands...
closure-compiler-stream injection vulnerability
closure-compiler-stream is a stream interface to a closure compiler. A security vulnerability exists in closure-compiler-stream version 0.1.15 and earlier, which stems from the program failing to sanitize the user-controllable 'options' parameter. An attacker could use th...
CVE-2020-7603
closure-compiler-stream through 0.1.15 allows execution of arbitrary commands. The argument "options" of the exports function in "index.js" can be controlled by users without any sanitization...
CVE-2020-7603
closure-compiler-stream through 0.1.15 allows execution of arbitrary commands. The argument "options" of the exports function in "index.js" can be controlled by users without any sanitization...
CVE-2020-7603
CVE-2020-7603 affects the Node.js module closure-compiler-stream (version 0.1.15 and earlier). The root cause is that the options parameter of the module's exports function in index.js is controllable by users without sanitization, enabling arbitrary command execution. Multiple sources corrobor...
Command Injection
Overview: closure-compiler-stream is a streaming interface for closure compiler. Affected versions of this package are vulnerable to Command Injection. The argument options of the exports function in index.js can be controlled by users without any sanitization. PoC: var root =...
GHSA-HJGP-8FFR-HWWR closurecompiler downloads Resources over HTTP
Affected versions of closurecompiler insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on th...
GHSA-69R7-CW26-PX6H Downloads Resources over HTTP in google-closure-tools-latest
Affected versions of google-closure-tools-latest insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...
grunt-ccompiler Man-in-the-Middle Attack Vulnerability
grunt-ccompiler is a Grunt plugin for compiling Closure. A security vulnerability exists in grunt-ccompiler that originates when the program downloads binary resources over the HTTP protocol. A remote attacker could exploit the vulnerability by replacing the requested binary with an...
CVE-2016-10636
grunt-ccompiler is a Closure Compiler Grunt Plugin. grunt-ccompiler downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary if the attacker is on...
CVE-2016-10636
grunt-ccompiler is a Closure Compiler Grunt Plugin that insecurely downloads executables over HTTP. An attacker with a privileged network position can intercept the response and replace the binary with a malicious one, potentially causing remote code execution on the system running grunt-cco...
CVE-2016-10636
grunt-ccompiler is a Closure Compiler Grunt Plugin. grunt-ccompiler downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary if the attacker is on...
CVE-2016-10635
broccoli-closure is a Closure compiler plugin for Broccoli. broccoli-closure before 1.3.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary...
Downloads Resources over HTTP
Overview: Affected versions of google-closure-tools-latest insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in...