6 matches found
@appium/base-driver (>=10.0.0 <=10.1.1), @breautek/storm (>=9.0.0 <=9.2.4) +74 more potentially affected by CVE-2025-13466 via body-parser (=2.2.0)
body-parser NPM version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on body-parser and may be impacted: - @appium/base-driver =10.0.0, =9.0.0, =3.8.8, =1.114.0, =11.8.0, =3.4.0, =11.0.19, =0.1.0, =4.0.1, =1.0.0-beta.2, =0.0.1-beta.0,...
@herodevs/cli (>=1.0.0-beta.2 <=2.0.0-beta.4), @socketsecurity/cli (>=0.10.0 <=0.11.1) +1 more potentially affected by CVE-2024-50611 via @cyclonedx/cdxgen (>=10.11.0 <=11.11.0)
@cyclonedx/cdxgen NPM version =10.11.0, =1.0.0-beta.2, =0.10.0, =0.1.0, =0.2.2 Source cves: CVE-2024-50611 Source advisory: OSV:GHSA-HXF3-VGPM-FV9P...
CycloneDX cdxgen may execute code contained within build-related files
CycloneDX cdxgen prior to 11.1.7, when run against an untrusted codebase, may execute code contained within build-related files such as build.gradle.kts, a similar issue to CVE-2022-24441. cdxgen is used by, for example, OWASP dep-scan. NOTE: this has been characterized as a design limitation,...
GHSA-HXF3-VGPM-FV9P CycloneDX cdxgen may execute code contained within build-related files
CycloneDX cdxgen prior to 11.1.7, when run against an untrusted codebase, may execute code contained within build-related files such as build.gradle.kts, a similar issue to CVE-2022-24441. cdxgen is used by, for example, OWASP dep-scan. NOTE: this has been characterized as a design limitation,...
CVE-2024-50611
CycloneDX cdxgen through 10.10.7, when run against an untrusted codebase, may execute code contained within build-related files such as build.gradle.kts, a similar issue to CVE-2022-24441. cdxgen is used by, for example, OWASP dep-scan. NOTE: this has been characterized as a design limitation,...
CVE-2024-50611
CycloneDX cdxgen through 10.10.7, when run against an untrusted codebase, may execute code contained within build-related files such as build.gradle.kts, a similar issue to CVE-2022-24441. cdxgen is used by, for example, OWASP dep-scan. NOTE: this has been characterized as a design limitation,...