Lucene search
+L

70 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 9:18 p.m.5 views

CVE-2021-32619

Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. In Deno versions 1.5.0 to 1.10.1, modules that are dynamically imported through import or new Worker might have been able to bypass network and file system permission checks when statically importing other modules...

9.8CVSS6.9AI score0.01113EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/11/07 12:0 a.m.10 views

The vulnerability of the dynamicImport() function in the lilconfig configuration tool allows a hacker to execute arbitrary code.

The vulnerability of the dynamicImport function in the lilconfig configuration tool is related to improper handling of code generation when processing the.d.ts syntax. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

9CVSS6AI score0.01065EPSS
Exploits0References5Affected Software1
SUSE CVE
SUSE CVE
added 2024/11/01 4:6 a.m.3 views

SUSE CVE-2024-21537

Versions of the package lilconfig from 3.1.0 and before 3.1.1 are vulnerable to Arbitrary Code Execution due to the insecure usage of eval in the dynamicImport function. An attacker can exploit this vulnerability by passing a malicious input through the defaultLoaders function...

8.8CVSS7.2AI score0.01065EPSS
Exploits0References3
OSV
OSV
added 2024/10/31 5:0 a.m.9 views

CVE-2024-21537

Versions of the package lilconfig from 3.1.0 and before 3.1.1 are vulnerable to Arbitrary Code Execution due to the insecure usage of eval in the dynamicImport function. An attacker can exploit this vulnerability by passing a malicious input through the defaultLoaders function...

8.8CVSS7.1AI score0.01065EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/10/31 12:0 a.m.4 views

Lilconfig 安全漏洞

Lilconfig is a nodejs configuration finder by the individual developer Anton Kastritskii. A security vulnerability exists in Lilconfig version 3.1.0 up to and including version 3.1.1, which stems from the unsafe use of eval in the dynamicImport function. An attacker can exploit the vulnerability ...

8.8CVSS7.1AI score0.01065EPSS
Exploits0References4
OSV
OSV
added 2024/10/16 1:11 p.m.6 views

MAL-2024-9762 Malicious code in plugin-transform-dynamic-import (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/10/16 1:11 p.m.6 views

Malicious code in plugin-transform-dynamic-import (npm)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
OSV
OSV
added 2024/09/17 7:28 p.m.7 views

GHSA-64VR-G452-QVP3 Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS

Summary We discovered a DOM Clobbering vulnerability in Vite when building scripts to cjs/iife/umd output format. The DOM Clobbering gadget in the module can lead to cross-site scripting XSS in web pages where scriptless attacker-controlled HTML elements e.g., an img tag with an unsanitized name...

6.4CVSS5.7AI score0.00636EPSS
Exploits0References12
Github Security Blog
Github Security Blog
added 2023/08/09 2:43 p.m.37 views

SES's dynamic import and spread operator provides possible path to arbitrary exfiltration and execution

Impact This is a hole in the confinement of guest applications under SES that may manifest as either the ability to exfiltrate information or execute arbitrary code depending on the configuration and implementation of the surrounding host. Guest program running inside a Compartment with as few as...

9.8CVSS7.8AI score0.01234EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2023/08/09 2:43 p.m.72 views

GHSA-9C4H-3F7H-322R SES's dynamic import and spread operator provides possible path to arbitrary exfiltration and execution

Impact This is a hole in the confinement of guest applications under SES that may manifest as either the ability to exfiltrate information or execute arbitrary code depending on the configuration and implementation of the surrounding host. Guest program running inside a Compartment with as few as...

9.8CVSS9.7AI score0.01234EPSS
Exploits1References4
NVD
NVD
added 2023/08/08 5:15 p.m.41 views

CVE-2023-39532

SES is a JavaScript environment that allows safe execution of arbitrary programs in Compartments. In version 0.18.0 prior to 0.18.7, 0.17.0 prior to 0.17.1, 0.16.0 prior to 0.16.1, 0.15.0 prior to 0.15.24, 0.14.0 prior to 0.14.5, an 0.13.0 prior to 0.13.5, there is a hole in the confinement of...

9.8CVSS9.7AI score0.01234EPSS
Exploits1References2
Prion
Prion
added 2023/08/08 5:15 p.m.18 views

Code injection

SES is a JavaScript environment that allows safe execution of arbitrary programs in Compartments. In version 0.18.0 prior to 0.18.7, 0.17.0 prior to 0.17.1, 0.16.0 prior to 0.16.1, 0.15.0 prior to 0.15.24, 0.14.0 prior to 0.14.5, an 0.13.0 prior to 0.13.5, there is a hole in the confinement of...

7.5CVSS9.7AI score0.01234EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2023/08/08 4:51 p.m.55 views

CVE-2023-39532

SES is a JavaScript environment with a confinement hole in guest compartments that can allow exfiltration or arbitrary code execution via dynamic import after a spread operator ({...import(...)}) in vulnerable versions (0.18.0–0.18.7, 0.17.0–0.17.1, 0.16.0–0.16.1, 0.15.0–0.15.24, 0.14.0–0.14.5, 0...

9.8CVSS9.7AI score0.01234EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/08 4:51 p.m.17 views

CVE-2023-39532 SES's dynamic import and spread operator provides possible path to arbitrary exfiltration and execution

SES is a JavaScript environment that allows safe execution of arbitrary programs in Compartments. In version 0.18.0 prior to 0.18.7, 0.17.0 prior to 0.17.1, 0.16.0 prior to 0.16.1, 0.15.0 prior to 0.15.24, 0.14.0 prior to 0.14.5, an 0.13.0 prior to 0.13.5, there is a hole in the confinement of...

9.8CVSS7.5AI score0.01234EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/08/08 4:51 p.m.50 views

CVE-2023-39532 SES's dynamic import and spread operator provides possible path to arbitrary exfiltration and execution

SES is a JavaScript environment that allows safe execution of arbitrary programs in Compartments. In version 0.18.0 prior to 0.18.7, 0.17.0 prior to 0.17.1, 0.16.0 prior to 0.16.1, 0.15.0 prior to 0.15.24, 0.14.0 prior to 0.14.5, an 0.13.0 prior to 0.13.5, there is a hole in the confinement of...

9.8CVSS9.9AI score0.01234EPSS
Exploits1References2
OSV
OSV
added 2023/08/08 4:51 p.m.34 views

CVE-2023-39532 SES's dynamic import and spread operator provides possible path to arbitrary exfiltration and execution

SES is a JavaScript environment that allows safe execution of arbitrary programs in Compartments. In version 0.18.0 prior to 0.18.7, 0.17.0 prior to 0.17.1, 0.16.0 prior to 0.16.1, 0.15.0 prior to 0.15.24, 0.14.0 prior to 0.14.5, an 0.13.0 prior to 0.13.5, there is a hole in the confinement of...

9.8CVSS9.4AI score0.01234EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/08/08 12:0 a.m.6 views

PT-2023-27003 · Node.Js +1 · Node.Js +1

Name of the Vulnerable Software and Affected Versions: SES versions 0.13.0 through 0.13.4 SES versions 0.14.0 through 0.14.4 SES versions 0.15.0 through 0.15.23 SES versions 0.16.0 through 0.16.0 SES versions 0.17.0 through 0.17.0 SES versions 0.18.0 through 0.18.6 Description: There is a hole in...

9.8CVSS9.7AI score0.01234EPSS
Exploits1References15
Veracode
Veracode
added 2023/08/06 9:35 a.m.15 views

Information Disclosure

firefox is vulnerable to Information Disclosure. A remote unauthenticated attacker is able to gain access to script base URLs due to dynamic import, resulting in disclosure of sensitive information...

5.3CVSS7.2AI score0.00524EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2023/06/19 10:15 a.m.17 views

CVE-2023-32208

Service workers could reveal script base URL due to dynamic import. This vulnerability affects Firefox 113...

5.3CVSS5.6AI score0.00524EPSS
Exploits0References3
OSV
OSV
added 2023/06/19 10:15 a.m.6 views

CVE-2023-32208

Service workers could reveal script base URL due to dynamic import. This vulnerability affects Firefox 113...

5.3CVSS7.4AI score0.00524EPSS
Exploits0References3
Rows per page
Query Builder