3 matches found
CVE-2019-5479
An unintended require vulnerability in v0.5.5 larvitbase-api may allow an attacker to load arbitrary non-production code JavaScript file...
CVE-2019-5479
An unintended require vulnerability in v0.5.5 larvitbase-api may allow an attacker to load arbitrary non-production code JavaScript file...
CVE-2019-5479
CVE-2019-5479 affects larvitbase-api (node package). Versions prior to 0.5.4 allow an Unintended Require where an exposed API endpoint passes a GET parameter to a require() call, enabling an attacker to load and execute arbitrary JavaScript files present in the server directory. Public descriptio...