Lucene search
+L

6 matches found

cnvd
cnvd
added 2022/01/13 12:0 a.m.33 views

crosis information leakage vulnerability

crosis is a JavaScript client that uses the Replit container protocol. crosis is vulnerable to an information disclosure vulnerability that could be exploited by an attacker to obtain a token used to connect to Repl...

8.1CVSS1.1AI score0.0112EPSS
Exploits0References1
nvd
nvd
added 2022/01/11 3:15 p.m.36 views

CVE-2022-21671

@replit/crosis is a JavaScript client that speaks Replit's container protocol. A vulnerability that involves exposure of sensitive information exists in versions prior to 7.3.1. When using this library as a way to programmatically communicate with Replit in a standalone fashion, if there are...

8.1CVSS0.0112EPSS
Exploits0References2
cve
cve
added 2022/01/11 3:5 p.m.93 views

CVE-2022-21671

The CVE-2022-21671 issue affects @replit/crosis (JavaScript client for Replit’s container protocol) in versions before 7.3.1. When multiple WebSocket contact attempts fail, the client falls back to a polling proxy whose URL may route to an untrusted server, enabling an attacker to obtain the Repl...

8.1CVSS6.6AI score0.0112EPSS
Exploits0References2Affected Software1
osv
osv
added 2022/01/11 3:5 p.m.28 views

CVE-2022-21671 Potential exposure of Replit tokens to an Unauthorized Actor in @replit/crosis

@replit/crosis is a JavaScript client that speaks Replit's container protocol. A vulnerability that involves exposure of sensitive information exists in versions prior to 7.3.1. When using this library as a way to programmatically communicate with Replit in a standalone fashion, if there are...

8.1CVSS7.1AI score0.0112EPSS
Exploits0References4
cnnvd
cnnvd
added 2022/01/11 12:0 a.m.5 views

crosis 安全漏洞

crosis is a JavaScript client that uses the Replit container protocol. crosis is vulnerable to an information disclosure vulnerability that could be exploited by an attacker to obtain a token used to connect to Repl...

8.1CVSS5.6AI score0.0112EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2022/01/11 12:0 a.m.8 views

PT-2022-15025 · Replit · @Replit/Crosis

Name of the Vulnerable Software and Affected Versions: @replit/crosis versions prior to 7.3.1 Description: A vulnerability exists that involves exposure of sensitive information. When using the library to communicate with Replit in a standalone fashion, if there are multiple failed attempts to...

8.1CVSS7AI score0.0112EPSS
Exploits0References7
Rows per page
Query Builder