14 matches found
EUVD-2021-0757
Malware in sbrugna...
Arbitrary code execution in djv
This affects the package djv before 2.1.4. By controlling the schema file, an attacker can run arbitrary JavaScript code on the victim machine...
@attraqt/activity (>=0.0.1 <=1.3.0-alpha.3), @attraqt/xo-js (=0.0.1) +4 more potentially affected by CVE-2020-28464 via djv (>=0.1.4 <=2.1.3-alpha.0)
djv NPM version =0.1.4, =0.0.1, =1.1.8, =1.0.3, =0.4.0, =1.0.1, =1.0.1-beta.1 Source cves: CVE-2020-28464 Source advisory: OSV:GHSA-4HV7-3Q38-97M8...
GHSA-4HV7-3Q38-97M8 Arbitrary code execution in djv
This affects the package djv before 2.1.4. By controlling the schema file, an attacker can run arbitrary JavaScript code on the victim machine...
Korzio Djv Command Injection Vulnerability
Korzio Djv is JavaScript-based software by the individual developer Korzio, used to dynamically verify the JSON data format. A command injection vulnerability exists in versions prior to djv 2.1.4, which stems from the lack of proper validation of client-side data by the web application. An attack...
Arbitrary Code Execution
djv is vulnerable to Arbitrary Code Execution. An attacker is able to execute arbitrary Javascript code on the host OS by controlling the schema file...
CVE-2020-28464
This affects the package djv before 2.1.4. By controlling the schema file, an attacker can run arbitrary JavaScript code on the victim machine...
Code injection
This affects the package djv before 2.1.4. By controlling the schema file, an attacker can run arbitrary JavaScript code on the victim machine...
CVE-2020-28464 Remote Code Execution (RCE)
This affects the package djv before 2.1.4. By controlling the schema file, an attacker can run arbitrary JavaScript code on the victim machine...
CVE-2020-28464
CVE-2020-28464 affects the npm package djv prior to 2.1.4. By controlling the schema file, an attacker can cause the runtime to execute arbitrary JavaScript on the victim host, i.e., a remote code execution (RCE) scenario. Several sources (NVD, GHSA, OSV, CNVD, Veracode, Snyk) consistently descr...
Korzio Djv Command Injection Vulnerability
Korzio Djv is JavaScript-based software by the individual developer Korzio, used to dynamically verify the JSON data format. A command injection vulnerability exists in versions prior to djv 2.1.4, which stems from the lack of proper validation of client-side data by the web application. An attack...
@attraqt/activity (>=0.0.1 <=1.3.0-alpha.3), @attraqt/xo-js (=0.0.1) +2 more potentially affected by CVE-2020-28464 via djv (=2.1.3-alpha.0)
djv NPM version =2.1.3-alpha.0 is affected by a known vulnerability. The following packages have a transitive dependency on djv and may be impacted: - @attraqt/activity =0.0.1, =1.1.8, =1.0.3, =1.1.6 Source cves: CVE-2020-28464 Source advisory: SNYK:JS-DJV-1014545...
Remote Code Execution (RCE)
Overview: djv is a dynamic json-schema validator. Affected versions of this package are vulnerable to Remote Code Execution (RCE). By controlling the schema file, an attacker can run arbitrary JavaScript code on the victim machine. POC: const djv = require('djv'); const env = new djv(); const evilSchema ...
CVE-2012-6535
DjVuLibre before 3.5.25.3, as used in Evince, Sumatra PDF Reader, VuDroid, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted DjVu (aka .djv) file...