116 matches found
MAL-2025-19812 Malicious code in es6-http-status-codes (npm)
The package es6-http-status-codes was found to contain malicious code...
MAL-2025-17124 Malicious code in client-hooks-eslint-es6 (npm)
The package client-hooks-eslint-es6 was found to contain malicious code...
MAL-2025-22050 Malicious code in gulp-es6-browserfy-boilerplate (npm)
The package gulp-es6-browserfy-boilerplate was found to contain malicious code...
MAL-2025-25600 Malicious code in lootsie-sdk-ui-es5-inferno (npm)
The package lootsie-sdk-ui-es5-inferno was found to contain malicious code...
Malicious code in es6-module-package (npm)
The package communicates with a domain associated with malicious activity. Source: ghsa-malware (8ba0c43a1f7b9408d4c635c3862281a3d3c970336ed789bd8a02920546e626da). Any computer that has this package installed or running should be considered...
CVE-2008-1133
The Drupal.checkPlain function in Drupal 6.0 only escapes the first instance of a character in ECMAScript, which allows remote attackers to conduct cross-site scripting (XSS) attacks...
CVE-2024-43357
ECMA-262 is the language specification for the scripting language ECMAScript. A problem in the ECMAScript (JavaScript) specification of async generators, introduced by a May 2021 spec refactor, may lead to mis-implementation in a way that could present as a security vulnerability, such as type...
Butterfly's parseJSON, getJSON functions eval malicious input, leading to remote code execution (RCE)
Summary Usage of the Butterfly.prototype.parseJSON or getJSON functions on an attacker-controlled crafted input string allows the attacker to execute arbitrary JavaScript code on the server. Since Butterfly JavaScript code has access to Java classes, it can run arbitrary programs. Details The...
The vulnerabilities of the functions function#copy and function#toStringTokens in ECMAScript 5 from the es5-ext package allow an attacker to cause a service failure.
The vulnerabilities of the function#copy and function#toStringTokens functions in ECMAScript 5, part of the es5-ext package, involve uncontrolled resource consumption. Exploiting these vulnerabilities can allow attackers to cause service failures...
ROS-20240904-12
A vulnerability in the ECMAScript 5 extension of the es5-ext package is related to uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
CVE-2024-43367 Boa has an uncaught exception when transitioning the state of `AsyncGenerator` objects
Boa is an embeddable and experimental JavaScript engine written in Rust. Starting in version 0.16 and prior to version 0.19.0, a wrong assumption made when handling ECMAScript's AsyncGenerator operations can cause an uncaught exception on certain scripts. Boa's implementation of AsyncGenerator...
CVE-2024-43357
ECMA-262 is the language specification for the scripting language ECMAScript. A problem in the ECMAScript (JavaScript) specification of async generators, introduced by a May 2021 spec refactor, may lead to mis-implementation in a way that could present as a security vulnerability, such as type...
CVE-2024-43357 JavaScript specification issue may lead to type confusion and pointer dereference in implementations
ECMA-262 is the language specification for the scripting language ECMAScript. A problem in the ECMAScript (JavaScript) specification of async generators, introduced by a May 2021 spec refactor, may lead to mis-implementation in a way that could present as a security vulnerability, such as type...
CVE-2024-43357
CVE-2024-43357 describes a bug in the ECMA-262 Async Generators: IteratorResult objects can be made then-able, allowing re-entry into the async generator machinery and violating internal invariants. The root cause is a May 2021 spec refactor that leaves IteratorResult objects inheriting from Obje...
ECMAScript security vulnerability
ECMAScript is a language library open-sourced by Ecma TC39. A security vulnerability exists in versions prior to ECMAScript 2022 through 2025 that stems from the presence of a JavaScript specification issue that leads to type confusion and pointer dereferencing in implementations...
Boa has an uncaught exception when transitioning the state of `AsyncGenerator` objects
A wrong assumption made when handling ECMAScript's AsyncGenerator operations can cause an uncaught exception on certain scripts. Details Boa's implementation of AsyncGenerator makes the assumption that the state of an AsyncGenerator object cannot change while resolving a promise created by method...
GHSA-F67Q-WR6W-23JQ Boa has an uncaught exception when transitioning the state of `AsyncGenerator` objects
A wrong assumption made when handling ECMAScript's AsyncGenerator operations can cause an uncaught exception on certain scripts. Details Boa's implementation of AsyncGenerator makes the assumption that the state of an AsyncGenerator object cannot change while resolving a promise created by method...