6 matches found
crosis information leakage vulnerability
crosis is a JavaScript client that uses the Replit container protocol. crosis is vulnerable to an information disclosure vulnerability that could be exploited by an attacker to obtain a token used to connect to Repl...
CVE-2022-21671
@replit/crosis is a JavaScript client that speaks Replit's container protocol. A vulnerability that involves exposure of sensitive information exists in versions prior to 7.3.1. When using this library as a way to programmatically communicate with Replit in a standalone fashion, if there are...
CVE-2022-21671
The CVE-2022-21671 issue affects @replit/crosis (JavaScript client for Replit’s container protocol) in versions before 7.3.1. When multiple WebSocket contact attempts fail, the client falls back to a polling proxy whose URL may route to an untrusted server, enabling an attacker to obtain the Repl...
CVE-2022-21671 Potential exposure of Replit tokens to an Unauthorized Actor in @replit/crosis
@replit/crosis is a JavaScript client that speaks Replit's container protocol. A vulnerability that involves exposure of sensitive information exists in versions prior to 7.3.1. When using this library as a way to programmatically communicate with Replit in a standalone fashion, if there are...
crosis 安全漏洞
crosis is a JavaScript client that uses the Replit container protocol. crosis is vulnerable to an information disclosure vulnerability that could be exploited by an attacker to obtain a token used to connect to Repl...
PT-2022-15025 · Replit · @Replit/Crosis
Name of the Vulnerable Software and Affected Versions: @replit/crosis versions prior to 7.3.1 Description: A vulnerability exists that involves exposure of sensitive information. When using the library to communicate with Replit in a standalone fashion, if there are multiple failed attempts to...