3 matches found
ges.librarycatalog.dover.nh.gov Cross Site Scripting vulnerability OBB-2222582
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| ges.librarycatalog.dover.nh.gov ---|---...
CVE-2018-12556
The signature verification routine in install.sh in yarnpkg/website through 2018-06-05 only verifies that the yarn release is signed by any arbitrary key in the local keyring of the user, and does not pin the signature to the yarn release key, which allows remote attackers to sign tampered yarn...
CVE-2018-12556
The signature verification routine in install.sh in yarnpkg/website through 2018-06-05 only verifies that the yarn release is signed by any arbitrary key in the local keyring of the user, and does not pin the signature to the yarn release key, which allows remote attackers to sign tampered yarn...