9244 matches found
Cross-Site Scripting in jquery
Affected versions of jquery are vulnerable to cross-site scripting. This occurs because the main jquery function uses a regular expression to differentiate between HTML and selectors, but does not properly anchor the regular expression. The result is that jquery may interpret HTML as selectors wh...
CVE-2020-15146
In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated by symfony/expression-language package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter,...
CVE-2020-15146
In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated by symfony/expression-language package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter,...
CVE-2020-15143
In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, rrequest parameters injected inside an expression evaluated by symfony/expression-language package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter,...
CVE-2020-15143
In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, rrequest parameters injected inside an expression evaluated by symfony/expression-language package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter,...
Remote code execution
In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated by symfony/expression-language package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter,...
Remote code execution
In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, rrequest parameters injected inside an expression evaluated by symfony/expression-language package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter,...
GHSA-M45F-4828-5CV5 Regular Expression Denial of Service in highcharts
Withdrawn: Duplicate of GHSA-xmc8-cjfr-phx3...
GHSA-4X7C-CX64-49W8 Regular Expression Denial of Service in is-my-json-valid
Withdrawn: Duplicate of GHSA-f522-ffg8-j8r6...
Regular Expression Denial of Service in is-my-json-valid
Withdrawn: Duplicate of GHSA-f522-ffg8-j8r6...
Remote Code Execution in SyliusResourceBundle
Impact Request parameters injected inside an expression evaluated by symfony/expression-language package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter, allowing for Remote Code Execution. The vulnerable versions...
GHSA-P4PJ-9G59-4PPV Remote Code Execution in SyliusResourceBundle
Impact Request parameters injected inside an expression evaluated by symfony/expression-language package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter, allowing for Remote Code Execution. The vulnerable versions...
CVE-2020-15143
CVE-2020-15143 affects the SyliusResourceBundle. Affected versions are prior to 1.3.14, 1.4.7, 1.5.2 and 1.6.4, where request parameters injected into expressions evaluated by the Symfony expression-language package were not properly sanitized. This allows an attacker to access any public service...
CVE-2020-15143 Remote Code Execution in SyliusResourceBundle
In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, rrequest parameters injected inside an expression evaluated by symfony/expression-language package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter,...
CVE-2020-15146
CVE-2020-15146 affects SyliusResourceBundle used with Symfony. The vulnerability occurs when request parameters are injected into expressions evaluated by the Symfony expression-language, allowing an attacker to access public services and perform Remote Code Execution. Affected versions are
CVE-2020-15146 Remote Code Execution in SyliusResourceBundle
In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated by symfony/expression-language package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter,...
Remote Code Execution in SyliusResourceBundle
Impact Request parameters injected inside an expression evaluated by symfony/expression-language package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter, allowing for Remote Code Execution. The vulnerable versions...
GHSA-H6M7-J4H3-9RF5 Remote Code Execution in SyliusResourceBundle
Impact Request parameters injected inside an expression evaluated by symfony/expression-language package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter, allowing for Remote Code Execution. The vulnerable versions...
In the GNU C Library (aka glibc or libc6) through 2.29 check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep.
...
Prototype Pollution
Overview property-expr is a tiny util for getting and setting deep object props safely Affected versions of this package are vulnerable to Prototype Pollution via the setter function. POC var expr = require'property-expr'; expr.setter'proto.polluted', true; console.logpolluted; // true Details...