7 matches found
EUVD-2024-3377
Malicious code in bioql PyPI...
deno (>=1.13.0 <=1.13.2), easyops_deno (>=1.12.2 <=1.13.0) potentially affected by CVE-2024-32468 via deno_doc (=0.10.0)
denodoc CARGO version =0.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on denodoc and may be impacted: - deno =1.13.0, =1.12.2, =1.13.0 Source cves: CVE-2024-32468 Source advisory: OSV:GHSA-QQWR-J9MM-FHW6...
GHSA-QQWR-J9MM-FHW6 deno_doc's HTML generator vulnerable to Cross-site Scripting
Summary Several cross-site scripting vulnerabilities existed in the denodoc crate which lead to Self-XSS with deno doc --html. Details & PoC 1. XSS in generated searchindex.js denodoc outputed a JavaScript file for searching. However, the generated file used innerHTML on unsanitzed HTML input...
deno_doc's HTML generator vulnerable to Cross-site Scripting
Summary Several cross-site scripting vulnerabilities existed in the denodoc crate which lead to Self-XSS with deno doc --html. Details & PoC 1. XSS in generated searchindex.js denodoc outputed a JavaScript file for searching. However, the generated file used innerHTML on unsanitzed HTML input...
CVE-2024-32468
Deno is a runtime for JavaScript and TypeScript written in rust. Several cross-site scripting vulnerabilities existed in the denodoc crate which lead to Self-XSS with deno doc --html. 1. XSS in generated searchindex.js, denodoc outputs a JavaScript file for searching. However, the generated file...
CVE-2024-32468 Improper neutralization of input during web page generation ("Cross-site Scripting") in deno_doc HTML generator
Deno is a runtime for JavaScript and TypeScript written in rust. Several cross-site scripting vulnerabilities existed in the denodoc crate which lead to Self-XSS with deno doc --html. 1. XSS in generated searchindex.js, denodoc outputs a JavaScript file for searching. However, the generated file...
CVE-2024-32468 Improper neutralization of input during web page generation ("Cross-site Scripting") in deno_doc HTML generator
Deno is a runtime for JavaScript and TypeScript written in rust. Several cross-site scripting vulnerabilities existed in the denodoc crate which lead to Self-XSS with deno doc --html. 1. XSS in generated searchindex.js, denodoc outputs a JavaScript file for searching. However, the generated file...