29 matches found
CVE-2023-45311
fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any JavaScript project that depends on fsevents distributes code that was obtained from that URL at a time when it was controlled by an...
VulnCheck KEV: CVE-2023-45311
fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any JavaScript project that depends on fsevents distributes code that was obtained from that URL at a time when it was controlled by an...
EUVD-2023-2701
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-45311
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any...
Remote Code Execution
fsevents is vulnerable to Remote Code Execution. The vulnerability is caused by loading a fsevents binary from an arbitrary AWS S3 bucket during installation. This S3 bucket URL was vulnerable to take over by malicious actors, but a security researcher claimed the bucket URL to protect against...
Code injection in fsevents
fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any JavaScript project that depends on fsevents distributes code that was obtained from that URL at a time when it was controlled by an...
GHSA-8R6J-V8PM-FQW3 Code injection in fsevents
fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any JavaScript project that depends on fsevents distributes code that was obtained from that URL at a time when it was controlled by an...
CVE-2023-45311
fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any JavaScript project that depends on fsevents distributes code that was obtained from that URL at a time when it was controlled by an...
CVE-2023-45311
fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any JavaScript project that depends on fsevents distributes code that was obtained from that URL at a time when it was controlled by an...
CVE-2023-45311
fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any JavaScript project that depends on fsevents distributes code that was obtained from that URL at a time when it was controlled by an...
CVE-2023-45311
fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any JavaScript project that depends on fsevents distributes code that was obtained from that URL at a time when it was controlled by an...
Code injection
fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any JavaScript project that depends on fsevents distributes code that was obtained from that URL at a time when it was controlled by an...
UBUNTU-CVE-2023-45311
fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any JavaScript project that depends on fsevents distributes code that was obtained from that URL at a time when it was controlled by an...
fsevents Code Injection Vulnerability
fsevents is a library of fsevents open source. A code injection vulnerability exists in versions prior to fsevents 1.2.11 that stems from allowing an attacker to execute arbitrary code via a URL...
CVE-2023-45311
The CVE affects fsevents prior to 1.2.11, which depends on the external URL fsevents-binaries.s3-us-west-2.amazonaws.com. If code from that URL was distributed when it was controlled by an attacker, arbitrary code execution could occur. Affected projects must upgrade to fsevents 1.2.11 or later (...
CVE-2023-45311
fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any JavaScript project that depends on fsevents distributes code that was obtained from that URL at a time when it was controlled by an...
PT-2023-29492
Name of the Vulnerable Software and Affected Versions fsevents versions prior to 1.2.11 Description The issue arises from fsevents depending on a specific URL, https://fsevents-binaries.s3-us-west-2.amazonaws.com, which could potentially allow an adversary to execute arbitrary code if a JavaScrip...
CVE-2023-45311
fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any JavaScript project that depends on fsevents distributes code that was obtained from that URL at a time when it was controlled by an...
Malicious code in fsevents (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware acdc3ae57250fab51aeff6e3938ed40197a1b74eb688a72cd5d7eee0c77a7167 This advisory is intended to inform the npm ecosystem with details to resolve a third-party malware incident that may have impacted your infrastructure i...
11-builder (=0.1.0), 5argon-react-scripts (>=1.0.3 <=1.0.11) +1340 more potentially affected by unknown CVE via fsevents (>=1.0.14 <=1.1.3)
fsevents NPM version =1.0.14, =1.0.3, =0.0.1, =1.1.0-1, =1.0.0, =1.1.2, =1.0.10, =0.0.0, =0.6.0-private.1, =0.0.1, =2.0.0, =2.1.1 and more Source cves: unknown CVE Source advisory: OSV:MAL-2023-462...