Lucene search
+L

8 matches found

vulnersOsv
vulnersOsv
added 2025/08/05 1:42 a.m.8 views

@mastra/deployer-netlify (>=0.0.0-a2a-20250421213654 <=0.10.5), @rr0/cms (>=0.3.23 <=0.3.29) +14 more potentially affected by CVE-2025-54387 via ipx (>=2.0.1 <=2.1.0)

ipx NPM version =2.0.1, =0.0.0-a2a-20250421213654, =0.3.23, =1.1.6, =4.0.0, =2.0.3, =0.0.23, =1.0.0, =1.0.2, =21.5.0, =17.4.0, =0.0.7, =0.0.13 - tmp-package-registry =1.0.0 and more Source cves: CVE-2025-54387 Source advisory: SNYK:JS-IPX-11483961...

9.8CVSS5.8AI score0.00668EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2025/08/05 1:42 a.m.10 views

@cssninja/nuxt-media-viewer (>=0.0.1 <=0.0.15), @enab/uipkg (>=0.0.2-beta.0 <=0.0.2-beta.23) +4 more potentially affected by CVE-2025-54387 via ipx (>=1.0.0-2 <=1.1.0)

ipx NPM version =1.0.0-2, =0.0.1, =0.0.2-beta.0, =0.1.0, =1.0.0-27821548.ab054e4, =0.0.3, =0.0.4-beta-6 Source cves: CVE-2025-54387 Source advisory: SNYK:JS-IPX-11483961...

9.8CVSS5.8AI score0.00668EPSS
Exploits1
NVD
NVD
added 2025/08/05 1:15 a.m.18 views

CVE-2025-54387

IPX is an image optimizer powered by sharp and svgo. In versions 1.3.1 and below, 2.0.0-0 through 2.1.0, and 3.0.0 through 3.1.0, the approach used to check whether a path is within allowed directories is vulnerable to path prefix bypass when the allowed directories do not end with a path...

9.8CVSS0.00668EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/08/05 12:10 a.m.2 views

CVE-2025-54387 IPX is Vulnerable to Path Traversal via Prefix Matching Bypass

IPX is an image optimizer powered by sharp and svgo. In versions 1.3.1 and below, 2.0.0-0 through 2.1.0, and 3.0.0 through 3.1.0, the approach used to check whether a path is within allowed directories is vulnerable to path prefix bypass when the allowed directories do not end with a path...

6.9CVSS6.1AI score0.00668EPSS
Exploits1References5
vulnersOsv
vulnersOsv
added 2025/08/04 2:48 p.m.10 views

@mastra/deployer-netlify (>=0.0.0-a2a-20250421213654 <=0.10.5), @rr0/cms (>=0.3.23 <=0.3.29) +14 more potentially affected by CVE-2025-54387 via ipx (>=2.0.1 <=2.1.0)

ipx NPM version =2.0.1, =0.0.0-a2a-20250421213654, =0.3.23, =1.1.6, =4.0.0, =2.0.3, =0.0.23, =1.0.0, =1.0.2, =21.5.0, =17.4.0, =0.0.7, =0.0.13 - tmp-package-registry =1.0.0 and more Source cves: CVE-2025-54387 Source advisory: OSV:GHSA-MM3P-J368-7JCR...

9.8CVSS5.8AI score0.00668EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2025/08/04 2:48 p.m.9 views

@brandboostinggmbh/image (=0.6.2), @cssninja/nuxt-media-viewer (>=0.0.1 <=0.0.15) +46 more potentially affected by CVE-2025-54387 via ipx (>=0.3.2 <=1.1.0)

ipx NPM version =0.3.2, =0.0.1, =1.0.0, =1.0.0-27100507.943fa27, =1.0.3, =1.0.3-27133259.82aaae0, =0.0.2-beta.0, =0.2.0, =14.9.23-prev, =0.6.3, =0.6.2, =1.0.0-beta.2, =1.0.0-beta.2, =1.0.18, =1.0.0-beta.4, =1.0.0-beta.12 and more Source cves: CVE-2025-54387 Source advisory: OSV:GHSA-MM3P-J368-7JC...

9.8CVSS7AI score0.00668EPSS
Exploits1
Circl
Circl
added 2025/08/04 7:39 a.m.19 views

CVE-2025-54387

creationtimestamp| type| source ---|---|--- 2025-08-04 07:39:33+00:00| seen| https://bsky.app/profile/pi0.io/post/3lvkouos7n22t 2025-08-04 07:39:34+00:00| seen| https://bsky.app/profile/pi0.io/post/3lvkouosigc2t 2025-08-04 07:46:22+00:00| seen| https://bsky.app/profile/pi0.io/post/3lvkpauh5ik2t...

9.8CVSS7.3AI score0.00668EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/08/04 12:0 a.m.12 views

PT-2025-31806 · Ipx · Ipx

Name of the Vulnerable Software and Affected Versions: IPX versions 1.3.1 and below IPX versions 2.0.0-0 through 2.1.0 IPX versions 3.0.0 through 3.1.0 Description: IPX, an image optimizer powered by sharp and svgo, is susceptible to a path prefix bypass when verifying if a path is within allowed...

6.9CVSS6.2AI score0.00668EPSS
Exploits1References14
Rows per page
Query Builder