11 matches found
EUVD-2022-1949
Malicious code in bioql PyPI...
CVE-2020-8141
The dot package v1.1.2 uses Function to compile templates. This can be exploited by the attacker if they can control the given template or if they can control the value set on Object.prototype...
Improper Control of Generation of Code in doT
The dot package v1.1.2 uses Function to compile templates. This can be exploited by the attacker if they can control the given template or if they can control the value set on Object.prototype...
@adobe/dc-services-node-sdk (>=0.5.0 <=1.0.0), @adobe/documentservices-pdftools-node-sdk (>=1.1.0 <=1.3.1) +109 more potentially affected by CVE-2020-7639 via eivindfjeldstad-dot (=0.0.1)
eivindfjeldstad-dot NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on eivindfjeldstad-dot and may be impacted: - @adobe/dc-services-node-sdk =0.5.0, =1.1.0, =2.0.0, =0.5.0-beta, =1.0.1, =0.1.0, =0.0.1, =4.5.1, =1.1.15-160, =0.1.0,...
dot package code injection vulnerability
The dot package is a JavaScript template engine. A code injection vulnerability exists in dot package v1.1.2. The vulnerability stems from the failure of a network system or product to properly filter specific elements of externally input data during the construction of code snippets. An attacker...
CVE-2020-8141
The dot package v1.1.2 uses Function to compile templates. This can be exploited by the attacker if they can control the given template or if they can control the value set on Object.prototype...
DEBIAN-CVE-2020-8141
The dot package v1.1.2 uses Function to compile templates. This can be exploited by the attacker if they can control the given template or if they can control the value set on Object.prototype...
Design/Logic Flaw
The dot package v1.1.2 uses Function to compile templates. This can be exploited by the attacker if they can control the given template or if they can control the value set on Object.prototype...
CVE-2020-8141
CVE-2020-8141 affects the dot package (v1.1.2). The vulnerability stems from using Function() to compile templates, which can be abused if an attacker can control the template or the value on Object.prototype. The connected advisories (GitHub GHSA-297X-8XJ4-VCXV and OSV/NVD entries) describe the ...
CVE-2020-8141
The dot package v1.1.2 uses Function to compile templates. This can be exploited by the attacker if they can control the given template or if they can control the value set on Object.prototype...
Node.js third-party modules: Code Injection Vulnerability in dot Package
I would like to report a code injection vulnerability in dot. It allows attackers to execute arbitrary JS code, especially when combined with a prototype pollution attack. Module module name: dot version: 1.1.2 npm page: https://www.npmjs.com/package/dot Module Description Created in search of th...