Command Injection
Overview Affected versions of the samba-client package allow command injection because of the use of process.exec. Recommendation Upgrade to version 4.0.0 or later References - CVE - GitHub Advisory...
Cross-Site Scripting (XSS)
Overview apexcharts is a modern JavaScript charting library to build interactive charts and visualizations with a simple API. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via lack of sanitization of graph legend fields. Recommendation Upgrade to version 3.24.0 or...
Directory Traversal
Overview Impact Clients of FTP servers utilizing ftp-srv hosted on Windows machines can escape the FTP user's defined root folder using the expected FTP commands, for example, CWD and UPDR. Background When Windows separators exist within the path, path.resolve leaves the upper pointers intact an...
Open Redirect
Overview Slashify is an Express middleware that normalises routes by stripping any final slash, redirecting, for example, bookings/latest/ to bookings/latest. However, it does not validate the path it redirects to in any way. In particular, if the path starts with two slashes or two backslashes, ...
Prototype Pollution
Overview A prototype pollution vulnerability in affected versions of 'dotty' allows attackers to cause a denial of service and may lead to remote code execution. Recommendation Update to version 0.1.1 or later References - GitHub Advisory - CVE...
IPC messages delivered to the wrong frame
Overview IPC messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame, event.reply or when using the remote module, can in some cases be delivered to the wrong frame. If your app does ANY of the following, then it is impacted by this issue: - Uses...
OS Command Injection
Overview Affected versions of the async-git package allow OS Command Injection via shell metacharacters, as demonstrated by git.reset and git.tag. Recommendation Upgrade to version 1.13.2 or later. References - CVE - GitHub Advisory...
Prototype Pollution
Overview There is a prototype pollution vulnerability in gsap which affects all versions before 3.6.0. Recommendation Upgrade to 3.6.0 or later References - GitHub Advisory - Snyk Advisory...
Cross-Site Scripting (XSS)
Overview In affected versions of hellojs hello.js there is a cross-site scripting bug. The code gets the param oauthredirect from the URL and passes it to location.assign without any check or sanitisation. It is possible to simply pass some XSS payloads into the URL param oauthredirect, such as...
Prototype Pollution
Overview Affected versions of immer are vulnerable to Prototype Pollution. Proof of exploit const { applyPatches, enablePatches } = require("immer"); enablePatches(); let obj = {}; console.log("Before : " + obj.polluted); applyPatches({}, [{ op: 'add', path: ["__proto__", "polluted"], value: "yes" }]); //...
CVE-2021-21294 Unbounded connection acceptance in http4s-blaze-server
Http4s http4s-blaze-server is a minimal, idiomatic Scala interface for HTTP services. Http4s before versions 0.21.17, 0.22.0-M2, and 1.0.0-M14 have a vulnerability which can lead to a denial-of-service. Blaze-core, a library underlying http4s-blaze-server, accepts connections unboundedly on its...
Design/Logic Flaw
blaze is a Scala library for building asynchronous pipelines, with a focus on network IO. All servers running blaze-core before version 0.14.15 are affected by a vulnerability in which unbounded connection acceptance leads to file handle exhaustion. Blaze accepts connections unconditionally on a...
SRC-2021-0009 : Smarty Template Engine template_object Sandbox Escape Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Smarty Template Engine. Authentication is context dependent and may not be required to exploit this vulnerability. The specific flaw exists within the...
Sonatype Nexus 3.21.1 Remote Code Execution
Exploit Title: Sonatype Nexus 3.21.1 - Remote Code Execution Authenticated Exploit Author: 1F98D Original Author: Alvaro Muñoz Date: 27 May 2020 Vendor Homepage: https://www.sonatype.com/ CVE: CVE-2020-10199 Tested on: Windows 10 x64 References:...
CVE-2021-21236 Regular expression denial of service in CairoSVG
CairoSVG is a Python PyPI package. CairoSVG is an SVG converter based on Cairo. In CairoSVG before version 2.5.1, there is a regular expression denial of service (ReDoS) vulnerability. When processing SVG files, the Python package CairoSVG uses two regular expressions which are vulnerable to Regula...
Password stored in plain text
Overview parse-server is an open source backend that can be deployed to any infrastructure that can run Node.js. In Parse Server before version 4.5.0, user passwords involved in LDAP authentication are stored in cleartext. This is fixed in version 4.5.0 by stripping the password after authentication ...