39 matches found

CNNVD
added 2025/11/10 12:0 a.m. | 1 views

Cloudinary Node SDK security vulnerability

Cloudinary Node SDK is Cloudinary's open source development toolkit, distributed as the Cloudinary NPM package. A security vulnerability exists in Cloudinary Node SDK versions prior to 2.7.0, which stems from improper parsing of parameter values containing & symbols, which could lead to an arbitrary parameter injecti...

CVSS 8.8 | AI score 6.8 | EPSS 0.00059
Exploits: 0 | References: 3
Positive Technologies
added 2025/11/10 12:0 a.m. | 2 views

PT-2025-45601

Name of the Vulnerable Software and Affected Versions: cloudinary versions prior to 2.7.0. Description: The package is susceptible to Arbitrary Argument Injection because of improper parsing of parameter values that include an ampersand (&). This allows an attacker to inject additional, unintended...

CVSS 8.8 | AI score 6.7 | EPSS 0.00059
Exploits: 0 | References: 15
OSSF Malicious Packages
added 2025/08/14 6:52 p.m. | 1 views

Malicious code in cloudinary-url-builder (npm)

The package cloudinary-url-builder was found to contain malicious code...

AI score 7
Exploits: 0
OSV
added 2025/08/14 6:52 p.m. | 1 views

MAL-2025-17181 Malicious code in cloudinary-url-builder (npm)

The package cloudinary-url-builder was found to contain malicious code...

AI score 7.2
Exploits: 0
vulnersOsv
added 2025/06/18 2:42 p.m. | 4 views

9-jobber-shared (=1.0.0), @accounter/server (>=0.0.1-alpha-20240307145247-66232ffd2f926ee16fb5781f8c93d98fdf4d1416 <=0.0.3-alpha-20241114141215-09b7d417e7e139562b2a77a6eb2d990da536e1ec) +262 more potentially affected by CVE-2025-12613 via cloudinary (>=2.0.3 <=2.6.1)

cloudinary NPM version =2.0.3, =0.0.1-alpha-20240307145247-66232ffd2f926ee16fb5781f8c93d98fdf4d1416, =1.0.0, =1.0.0, =0.0.3, =1.0.0, =0.0.11, =1.0.0, =1.0.0, =1.0.0, =1.0.19, =1.0.0, =1.0.0, =1.0.2 and more Source cves: CVE-2025-12613 Source advisory: SNYK:JS-CLOUDINARY-10495740...

CVSS 8.8 | AI score 5.8 | EPSS 0.00059
Exploits: 0
Snyk
added 2025/06/18 2:42 p.m. | 1 views

Arbitrary Argument Injection

Overview: cloudinary is a Cloudinary NPM for node.js integration. Affected versions of this package are vulnerable to Arbitrary Argument Injection due to improper parsing of parameter values containing an ampersand. An attacker can inject additional, unintended parameters. This could lead to a...

CVSS 8.8 | AI score 7.1 | EPSS 0.00059
Exploits: 0 | References: 2
OSV
added 2024/12/23 5:56 p.m. | 3 views

MAL-2024-12111 Malicious code in cloudinary-ct-run-sub (npm)

Source: ossf-package-analysis b8b17191416c445db03bfceae872f6642a1171a2300b65df0c546dd5a1fc19bc The OpenSSF Package Analysis project identified 'cloudinary-ct-run-sub' @ 1.1.0 npm as malicious. It is considered malicious because: - The...

AI score 7.1
Exploits: 0
OSSF Malicious Packages
added 2024/12/23 5:56 p.m. | 2 views

Malicious code in cloudinary-ct-run-sub (npm)

Source: ossf-package-analysis b8b17191416c445db03bfceae872f6642a1171a2300b65df0c546dd5a1fc19bc The OpenSSF Package Analysis project identified 'cloudinary-ct-run-sub' @ 1.1.0 npm as malicious. It is considered malicious because: - The...

AI score 6.9
Exploits: 0
OSSF Malicious Packages
added 2024/06/25 1:50 p.m. | 4 views

Malicious code in dragonfly_cloudinary-datastore (RubyGems)

AI score 7
Exploits: 0 | References: 1
OSSF Malicious Packages
added 2024/06/25 1:50 p.m. | 4 views

Malicious code in dragonfly_cloudinary (RubyGems)

AI score 7
Exploits: 0 | References: 1
OSV
added 2024/06/25 1:50 p.m. | 4 views

MAL-2024-6876 Malicious code in dragonfly_cloudinary-datastore (RubyGems)

AI score 7.1
Exploits: 0 | References: 1
vulnersOsv
added 2024/04/04 2:20 p.m. | 4 views

@angular-devkit/build-angular (>=17.1.0-next.1 <=18.0.0-next.1), @directus/api (>=15.0.0 <=19.0.2) +25 more potentially affected by CVE-2024-30260 via undici (>=6.0.1 <=6.10.2)

undici NPM version =6.0.1, =17.1.0-next.1, =15.0.0, =10.0.15, =1.0.7, =18.0.0-next.3, =18.0.0-next.3, =1.0.0-alpha.22, =1.0.0-alpha.22, =1.0.0-alpha.22, =1.0.5, =1.0.6 and more Source cves: CVE-2024-30260 Source advisory: OSV:GHSA-M4V8-WQVR-P9F7...

CVSS 4.3 | AI score 6.7 | EPSS 0.00198
Exploits: 0
OSV
added 2022/06/20 7:27 a.m. | 5 views

MAL-2022-1937 Malicious code in cloudinary-sample-angular (npm)

Source: ghsa-malware 49694f2b1b48b5a28ba485c7808e655d8e6d97d0414106b4d99363edd6c3257a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 | References: 1
OSV
added 2022/06/20 7:27 a.m. | 8 views

MAL-2022-1004 Malicious code in angular-cloudinary-photo (npm)

Source: ghsa-malware 4b59796ba271976005dde455be31a416442de0369ccdf3a101759a3ccdcaea1a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 | References: 1
OSSF Malicious Packages
added 2022/06/20 7:27 a.m. | 3 views

Malicious code in cloudinary-sample-angular (npm)

Source: ghsa-malware 49694f2b1b48b5a28ba485c7808e655d8e6d97d0414106b4d99363edd6c3257a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 | References: 1
OSSF Malicious Packages
added 2022/06/20 7:27 a.m. | 3 views

Malicious code in angular-cloudinary-photo (npm)

Source: ghsa-malware 4b59796ba271976005dde455be31a416442de0369ccdf3a101759a3ccdcaea1a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 | References: 1
Snyk
added 2020/04/17 12:0 a.m. | 1 views

Malicious Package

Overview: dragonfly_cloudinary-datastore is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an _ and replaced it with - and vice versa. Remediation: Avoid usi...

CVSS 8 | AI score 6.9
Exploits: 0 | References: 2
Hacker One
added 2018/06/17 4:32 p.m. | 28 views

Reverb.com: Basic auth details is still work on report ( 351555 )

Hi , Seem report 351555 is not full fixed where 434762629765715:PQlkrSHPqqjhIBc0MmUkdjcqpps basic auth details are Still work on login Poc : https://api.cloudinary.com/v11/reverb/usage F309894 Impact information Disclose...

AI score 7.1
Exploits: 0
Hacker One
added 2018/05/14 6:4 p.m. | 190 views

Reverb.com: Disclosure of all uploads to Cloudinary via hardcoded api secret in Android app

Hi, in file com/reverb/app/CloudinaryFacade.java you have hardcoded the following config: java private static final java.lang.String CONFIG = "cloudinary://434762629765715:█████@reverb"; where 434762629765715:████████ is basic auth details. It shouldn't be disclosed to third parties as official...

AI score 0.2
Exploits: 0