116 matches found
PT-2024-30525 · Unknown · Ecmascript
Name of the Vulnerable Software and Affected Versions: ECMAScript (affected versions not specified). Description: A problem in the ECMAScript specification of async generators may lead to mis-implementation in a way that could present as a security issue, such as type confusion and pointer...
CVE-2024-27088
es5-ext contains ECMAScript 5 extensions. Passing functions with very long names or complex default argument names into function#copy or function#toStringTokens may cause the script to stall. The vulnerability is patched in v0.10.63...
Code injection
es5-ext contains ECMAScript 5 extensions. Passing functions with very long names or complex default argument names into function#copy or function#toStringTokens may cause the script to stall. The vulnerability is patched in v0.10.63...
CVE-2024-27088
CVE-2024-27088 affects the es5-ext library, which provides ECMAScript 5 extensions. The issue arises when passing functions with very long names or complex default argument names into the library’s copy or toStringTokens routines, potentially causing the script to stall. The vulnerability is publ...
PT-2024-6044 · Es5-Ext +2 · Es5-Ext +2
Name of the Vulnerable Software and Affected Versions: es5-ext versions prior to 0.10.63. Description: The issue is related to the es5-ext package, which contains ECMAScript 5 extensions. Passing functions with very long names or complex default argument names into function#copy or...
CryptoES Security Vulnerability
CryptoES is a library of cryptographic algorithms compatible with ES6 and TypeScript. A security vulnerability exists in CryptoES that stems from the use of an insecure cryptographic hash algorithm...
HTMLSmuggler - HTML Smuggling Generator And Obfuscator For Your Red Team Operations
A full explanation of what HTML Smuggling is may be found here. The primary objective of HTML smuggling is to bypass network security controls, such as firewalls and intrusion detection systems, by disguising malicious payloads within seemingly harmless HTML and JavaScript code. By exploiting the...
Unsanitized user controlled input in module generation
Impact: The import-in-the-middle loader used by @opentelemetry/instrumentation works by generating a wrapper module on the fly. The wrapper uses the module specifier to load the original module and add some wrapping code. It allows for remote code execution in cases where an application passes...
GHSA-F8PQ-3926-8GX5 Unsanitized user controlled input in module generation
Impact: The import-in-the-middle loader used by @opentelemetry/instrumentation works by generating a wrapper module on the fly. The wrapper uses the module specifier to load the original module and add some wrapping code. It allows for remote code execution in cases where an application passes...
import-in-the-middle has unsanitized user controlled input in module generation
Impact: The import-in-the-middle loader works by generating a wrapper module on the fly. The wrapper uses the module specifier to load the original module and add some wrapping code. It allows for remote code execution in cases where an application passes user-supplied input directly to an import...
CVE-2023-38704
import-in-the-middle is a module loading interceptor specifically for ESM modules. The import-in-the-middle loader works by generating a wrapper module on the fly. The wrapper uses the module specifier to load the original module and add some wrapping code. Prior to version 1.4.2, it allows for...
Input validation
import-in-the-middle is a module loading interceptor specifically for ESM modules. The import-in-the-middle loader works by generating a wrapper module on the fly. The wrapper uses the module specifier to load the original module and add some wrapping code. Prior to version 1.4.2, it allows for...
CVE-2023-38704 import-in-the-middle allows unsanitized user controlled input in module generation
import-in-the-middle is a module loading interceptor specifically for ESM modules. The import-in-the-middle loader works by generating a wrapper module on the fly. The wrapper uses the module specifier to load the original module and add some wrapping code. Prior to version 1.4.2, it allows for...
CVE-2023-29549
Under certain circumstances, a call to the bind function may have resulted in the incorrect realm. This may have created a vulnerability relating to JavaScript-implemented sandboxes such as SES. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...
SUSE CVE-2011-2616
Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (memory consumption) via unknown content on a web page, as demonstrated by test262.ecmascript.org...
SUSE CVE-2015-4516
Mozilla Firefox before 41.0 allows remote attackers to bypass certain ECMAScript 5 (aka ES5) API protection mechanisms and modify immutable properties, and consequently execute arbitrary JavaScript code with chrome privileges, via a crafted web page that does not use ES5 APIs...
PT-2022-10233 · Mjs · Mjs
Name of the Vulnerable Software and Affected Versions: mjs (affected versions not specified). Description: An issue was discovered in mjs, a Restricted JavaScript engine, affecting ES6 JavaScript version 6. The problem lies in memory leaks within the frozen_cb function in mjs.c. Recommendations: At...
Cesanta MJS Buffer Error Vulnerability
Cesanta MJS is an embedded JavaScript engine for C/C++ from Cesanta Ireland. It is designed for microcontrollers with limited resources. The main design goals are a small footprint and simple C/C++ interoperability. A security vulnerability exists in Cesanta MJS mJS: Restricted JavaScript engine...