1294 matches found
Route Validation Bypass
Overview Affected versions of call do not validate empty parameters, which may result in a bypass of route validation rules. Proof of Concept Routing Scheme: /api/param/param2/details Triggering Request Path: /api/// Recommendation Update to version 3.0.2 or later. References - Issue 3228 - GitHu...
Insecure Defaults Leads to Potential MITM
Overview Affected versions of ezseed-transmission download and run a script over an HTTP connection. An attacker in a privileged network position could launch a Man-in-the-Middle attack and intercept the script, replacing it with malicious code, completely compromising the system running...
SQL Injection
Overview Affected versions of sequelize are vulnerable to SQL Injection in locations where user input is passed into the limit or order parameters of sequelize query calls, such as findOne or findAll. Recommendation Update to version 3.17.0 or later. References - PR 5167 - Commit f282d8 - GitHub...
Template Injection
Overview Affected versions of jsrender are susceptible to a remote code execution vulnerability when used with server delivered client-side tempates which dynamically embed user input. Proof of Concept for x!=1?constructor.constructor"return arguments.callee.caller":y10 :data /for function...
Insecure Default Configuration
Overview Affected versions of airbrake default to sending environment variables over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible for them to capture and read these environment variables, which may result in leaking sensitive...
Timing Attack
Overview Affected versions of csrf-lite are vulnerable to timing attacks as a result of testing CSRF tokens via a fail-early comparison instead of a constant-time comparison. Timing attacks remove the exponential increase in entropy gained from increased secret length, by providing per-character...
Insecure Entropy Source - Math.random()
Overview Affected versions of node-uuid consistently fall back to using Math.random as an entropy source instead of crypto, which may result in guessable UUID's. Recommendation Update to version 1.4.4 or later. References - Issue 108 - Issue 122 - GitHub Advisory...
No CSRF Validation
Overview Affected versions of droppy are vulnerable to cross-site socket forgery. The package does not perform verification for cross-domain websocket requests, and as a result, an attacker can create a web page that opens up a websocket connection on behalf of the user visiting the page. The...
Directory Traversal
Overview Affected versions of restafary are susceptible to a directory traversal vulnerability when a root path is specified in the configuration. Proof of Concept curl -i -s -k -X 'GET' -H 'Authorization: Basic YWRtaW46cGFzc3dvcmQ=' 'http://localhost:8000/api/v1/fs/..%2f..%2fetc/passwd'...
Forgeable Public/Private Tokens
Overview Affected versions of the jws package allow users to select what algorithm the server will use to verify a provided JWT. A malicious actor can use this behaviour to arbitrarily modify the contents of a JWT while still passing verification. For the common use case of the JWT as a bearer...
Regular Expression Denial of Service
Overview Affected versions of riot-compiler are susceptible to a regular expression denial of service vulnerability. Recommendation Update to version 2.3.22 or later. References - Issue 46 - GitHub Advisory...
Authentication Bypass
Overview Versions of hapi-auth-jwt2 prior to version 5.1.2 are affected by a complete authentication bypass vulnerability when in the try authentication mode. Recommendation Update to version 5.1.2 or later. References - Issue 111 - PR 112 - GitHub Advisory...
Content Injection via TileJSON Name
Overview Versions 1.x prior to 1.6.6 and 2.x prior to 2.2.4 of mapbox.js are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios. If L.mapbox.map or L.mapbox.shareControl are used in a manner that gives users control of the TileJSON content, it is possible to inject...
Denial of Service
Overview Versions of hapi prior to 11.1.3 are affected by a denial of service vulnerability. The vulnerability is triggered when certain input is passed into the If-Modified-Since or Last-Modified headers. This causes an 'illegal access' exception to be raised, and instead of sending a HTTP 500...
Symlink Arbitrary File Overwrite
Overview Versions of tar prior to 2.0.0 are affected by an arbitrary file write vulnerability. The vulnerability occurs because tar does not verify that extracted symbolic links to not resolve to targets outside of the extraction root directory. Recommendation Update to version 2.0.0 or later...
Regular Expression Denial of Service
Overview Versions of moment prior to 2.11.2 are affected by a regular expression denial of service vulnerability. The vulnerability is triggered when arbitrary user input is passed into moment.duration. Proof of concept var moment = require'moment'; var genstr = function len, chr var result = "";...
Regular Expression Denial of Service
Overview The jshamcrest package is affected by a regular expression denial of service vulnerability when certain types of user input are passed in to the emailAddress validator. Proof of concept var js = require'jshamcrest' var emailAddress = new js.JsHamcrest.Matchers.emailAddress; var genstr =...
Regular Expression Denial of Service
Overview The jadedown package is affected by a regular expression denial of service vulnerability when certain types of user input are passed in. Proof of concept var jadedown = require'jadedown'; var genstr = function len, chr var result = ""; for i=0; i=len; i++ result = result + chr; return...
Regular Expression Denial of Service
Overview The ansi2html package is affected by a regular expression denial of service vulnerability when certain types of user input is passed in. Proof of concept var ansi2html = require'ansi2html' var start = process.hrtime; ansi2html"1111111111111111111111;0000000000000000000000";...
Content Injection via TileJSON attribute
Overview Versions 1.x prior to 1.6.5 and 2.x prior to 2.1.7 of mapbox.js are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios. If L.mapbox.map or L.mapbox.tileLayer are used to load untrusted TileJSON content from a non-Mapbox URL, it is possible for a malicious use...