Hidden Directories Always Served

Overview Versions 1.1.1 and earlier of inert are vulnerable to an information leakage vulnerability which causes files in hidden directories to be served, even when showHidden is false. The inert directory handler always allows files in hidden directories to be served, even when showHidden is...

Cross-Site Scripting

Overview Cross-site scripting XSS vulnerability in the DataTables plugin 1.10.8 and earlier for jQuery allows remote attackers to inject arbitrary web script or HTML via the scripts parameter to media/unittesting/templates/6776.php. Recommendation Update to a version greater than 1.10.8. Referenc...

Potential Command Injection

Overview Versions 0.0.1 and earlier of printer are affected by a command injection vulnerability resulting from a failure to sanitize command arguments properly in the printDirect function. Recommendation Update to version 0.0.2 or later. References - Commit e001e38 - GitHub Advisory...

Regular Expression Denial of Service

Overview Versions of validator prior to 3.22.1 are affected by a regular expression denial of service vulnerability in the isURL method. Recommendation Update to version 3.22.1 or later. References - Issue 152, Comment 48107184 - GitHub Advisory...

Content Injection

Overview Versions 1.4.0 and earlier of remarkable are affected by a cross-site scripting vulnerability. This occurs because vulnerable versions of remarkable did not properly deny link protocols, and consequently allowed javascript: to be used. Proof of Concept Markdown Source: link Rendered HTML...

CORS Token Disclosure

Overview When CORS is enabled on a hapi route handler, it is possible to set a crumb token for a different domain. An attacker would need to have an application consumer visit a site they control, request a route supporting CORS, and then retrieve the token. With this token, they could possibly...

Deserialization Code Execution

Overview Versions 2.0.4 and earlier of js-yaml are affected by a code execution vulnerability in the YAML deserializer. Proof of Concept const yaml = require'js-yaml'; const x = test: !!js/function function f console.log1; ; yaml.loadx; Recommendation Update js-yaml to version 2.0.5 or later, and...

Multiple Content Injection Vulnerabilities

Overview Versions 0.3.0 and earlier of marked are affected by two cross-site scripting vulnerabilities, even when sanitize: true is set. The attack vectors for this vulnerability are GFM Codeblocks and JavaScript URLs. Recommendation Upgrade to version 0.3.1 or later. References GitHub Advisory...

Denial-of-Service Memory Exhaustion

Overview Versions prior to 1.0 of qs are affected by a denial of service condition. This condition is triggered by parsing a crafted string that deserializes into very large sparse arrays, resulting in the process running out of memory and eventually crashing. Recommendation Update to version 1.0...

XSS Filter Bypass via Encoded URL

Overview Versions of validator prior to 2.0.0 contained an xss filter method that is affected by several filter bypasses. This may result in a cross-site scripting vulnerability. Proof of Concept The xss function removes the word "javascript" when contained inside an attribute. However, it does n...

Directory Traversal

Overview Versions 0.8.3 and earlier of send are affected by a directory traversal vulnerability. When relying on the root option to restrict file access it may be possible for an application consumer to escape out of the restricted directory and access files in a similarly named directory. For...

Laravel CRLF injection in default email rule

Summary A CRLF injection vulnerability in Laravel's email validation, in combination with how Symfony Mailer and Symfony Mime handle certain character sequences, may allow an unauthenticated attacker to interfere with outbound email processing in applications that send mail to user-supplied...