10 matches found
GHSA-Q2QQ-HMJ6-3WPP vulnerabilities
Vulnerabilities for packages: linkerd2-proxy, vector, ztunnel, deno, shadowsocks-rust...
GHSA-Q2QQ-HMJ6-3WPP vulnerabilities
Vulnerabilities for packages: linkerd2-proxy, vector, komodo, shadowsocks-rust, ztunnel-fips, deno, ztunnel...
GHSA-XP3W-R5P5-63RR vulnerabilities
Vulnerabilities for packages: bootc, sccache, valkey-ldap, vector, typst, sdp-k8s-injector, komodo, ztunnel-fips, guestproxyagent, rustup, sqlx, rpm-sequoia, deno, sentry-cli, rustls-openssl-client...
CVE-2023-26103
Versions of the package deno before 1.31.0 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the upgradeWebSocket function, which contains regexes in the form of /\s*,\s*/, used for splitting the Connection/Upgrade header. A specially crafted Connection/Upgrade header can be used to...
GHSA-H97M-WW89-6JMQ vulnerabilities
Vulnerabilities for packages: linkerd2-proxy, qdrant, rye, oranda, deno, pixi, sdp-k8s-injector, sccache, helix, samply, wash, wadm, nushell, cargo-audit, lychee, berg, shadowsocks-rust, tealdeer, rustup, buck2, convco, parseable, wasmcloud, zellij, wizer, rust-analyzer, linkerd2, wasmtime, xh,...
CVE-2024-12224 vulnerabilities
Vulnerabilities for packages: linkerd2-proxy, qdrant, rye, oranda, deno, pixi, sdp-k8s-injector, sccache, helix, samply, wash, wadm, nushell, cargo-audit, lychee, berg, shadowsocks-rust, tealdeer, rustup, buck2, convco, parseable, wasmcloud, zellij, wizer, rust-analyzer, linkerd2, wasmtime, xh,...
CVE-2023-26103
Versions of the package deno before 1.31.0 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the upgradeWebSocket function, which contains regexes in the form of /\s*,\s*/, used for splitting the Connection/Upgrade header. A specially crafted Connection/Upgrade header can be used to...
Design/Logic Flaw
Versions of the package deno before 1.31.0 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the upgradeWebSocket function, which contains regexes in the form of /\s*,\s*/, used for splitting the Connection/Upgrade header. A specially crafted Connection/Upgrade header can be used to...
CVE-2023-26103
Versions of the package deno before 1.31.0 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the upgradeWebSocket function, which contains regexes in the form of /\s*,\s*/, used for splitting the Connection/Upgrade header. A specially crafted Connection/Upgrade header can be used to...
Sensitive data exposure in NATS
Preview versions of two NPM packages and one Deno package from the NATS project contain an information disclosure flaw, leaking options to the NATS server; for one package, this includes TLS private credentials. The connection configuration options in these JavaScript-based implementations were...