14 matches found
MAL-2025-138871 Malicious code in mid-beige-crow (npm)
Source: amazon-inspector 9ca8ef80ed1424a16d0ef56b45604fd1e48ff68854abb8804c40184aac248076 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2021-10482
Malware in sbrugna...
EUVD-2021-10752
Malware in sbrugna...
EUVD-2023-29980
Malicious code in bioql PyPI...
CVE-2023-26142
All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values. Header values are not properly sanitized against CRLF Injection in the set_header and add_header functions. An attacker can add the \r\n carriage return line feeds...
CVE-2023-26142
The CVE-2023-26142 entry concerns the Crow C++ microframework. Affected component: header construction in set_header/add_header; root cause: HTTP Response Splitting due to inadequate sanitization against CRLF injection. Impact (as described): an attacker can inject CRLF sequences to terminate hea...
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
Overview: Affected versions of this package are vulnerable to Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') when untrusted user input is used to build header values. Header values are not properly sanitized against CRLF Injection in the set_header and...
CVE-2021-23824
This affects the package Crow before 0.3+4. When using attributes without quotes in the template, an attacker can manipulate the input to introduce additional attributes, potentially executing code. This may lead to a Cross-site Scripting (XSS) vulnerability, assuming an attacker can influence the...
CVE-2021-23824
This affects the package Crow before 0.3+4. When using attributes without quotes in the template, an attacker can manipulate the input to introduce additional attributes, potentially executing code. This may lead to a Cross-site Scripting (XSS) vulnerability, assuming an attacker can influence the...
Cross site scripting
This affects the package Crow before 0.3+4. When using attributes without quotes in the template, an attacker can manipulate the input to introduce additional attributes, potentially executing code. This may lead to a Cross-site Scripting (XSS) vulnerability, assuming an attacker can influence the...
CVE-2021-23514
This affects the package Crow before 0.3+4. It is possible to traverse directories to fetch arbitrary files from the server...
CVE-2021-23514
This affects the package Crow before 0.3+4. It is possible to traverse directories to fetch arbitrary files from the server...
Code injection
This affects the package Crow before 0.3+4. It is possible to traverse directories to fetch arbitrary files from the server...
CVE-2021-23514 Path Traversal
This affects the package Crow before 0.3+4. It is possible to traverse directories to fetch arbitrary files from the server...