691 matches found

vulnersOsv · added 2021/05/07 4:14 p.m. · 2 views

@instacarro/ic-model-admin (>=2.0.5 <=2.0.8), grommet-toolbox (>=0.1.3 <=0.2.12) +4 more potentially affected by CVE-2020-7605 via gulp-tape (>=0.0.10 <=1.0.0)

gulp-tape NPM version =0.0.10, =2.0.5, =0.1.3, =0.1.1, =0.1.5, =0.43.2 - sp-router-js =1.0.1 Source cves: CVE-2020-7605 Source advisory: OSV:GHSA-X67X-98X7-WV26...

CVSS 9.8 · AI score 7.2 · EPSS 0.02512
Exploits: 1
vulnersOsv · added 2021/04/22 4:16 p.m. · 3 views

br.com.swconsultoria:java-cte (>=3.00.4 <=3.00.8), br.com.swconsultoria:java-mdfe (>=3.00.3 <=3.00.4) +1215 more potentially affected by CVE-2020-26939 via org.bouncycastle:bcprov-jdk16 (>=1.38 <=1.46)

org.bouncycastle:bcprov-jdk16 MAVEN version =1.38, =3.00.4, =3.00.3, =4.00.10, =1.0, =2.0, =1.2.4, =2.0.0, =2.1, =2.1, =2.10.0, =2.10.0, =2.11.0 and more Source cves: CVE-2020-26939 Source advisory: OSV:GHSA-72M5-FVVV-55M6...

CVSS 5.3 · AI score 6.7 · EPSS 0.00906
Exploits: 0
vulnersOsv · added 2021/03/18 7:27 p.m. · 1 view

ai.grakn:grakn-dist (>=0.7.0 <=0.16.0), ai.grakn:grakn-test (=0.10.0) +1845 more potentially affected by CVE-2020-7020 via org.elasticsearch:elasticsearch (>=0.6.0 <=6.8.12)

org.elasticsearch:elasticsearch MAVEN version =0.6.0, =0.7.0, =0.6.1, =0.11.0, =0.3.0, =1.0.1, =5.1.0, =5.1.0, =5.1.0, =5.1.0, =5.1.0, =5.1.0, =5.1.0, =5.2.1 - ca.uhn.hapi.fhir:hapi-fhir-jpaserver-starter =5.2.0 and more Source cves: CVE-2020-7020 Source advisory: OSV:GHSA-G9FW-9X87-RMRJ...

CVSS 3.5 · AI score 6.3 · EPSS 0.00999
Exploits: 0
Positive Technologies · added 2020/12/16 12:00 a.m. · 2 views

PT-2020-17331 · Fullarmor · Fullarmor Hapi File Share Mount Docker Image

Name of the Vulnerable Software and Affected Versions: FullArmor HAPI File Share Mount Docker image through 2020-12-14 Description: The issue concerns a blank password for the root user in the FullArmor HAPI File Share Mount Docker image. This could allow a remote attacker to achieve root access...

AI score 9.7
Exploits: 0 · References: 3
Prion · added 2020/12/15 11:15 p.m. · 10 views

Design/Logic Flaw

The FullArmor HAPI File Share Mount Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the FullArmor HAPI File Share Mount container may allow the remote attacker to achieve root access with a blank password...

CVSS 10 · AI score 9.5
Exploits: 0 · References: 1 · Affected software: 1
Veracode · added 2020/11/04 1:47 a.m. · 9 views

XML External Entity (XXE)

hapi-fhir-utilities is vulnerable to XML external entities (XXE). An attacker is able to provide malicious XML input containing a reference to an external entity and retrieve system files. The vulnerability exists because the library does not disable external DTDs and doctype declarations by default...

AI score 2.9
Exploits: 0
RedhatCVE · added 2020/10/14 3:07 p.m. · 26 views

CVE-2020-24301

Users of the HAPI FHIR Testpage Overlay 5.0.0 and below can use a specially crafted URL to exploit an XSS vulnerability in this module, allowing arbitrary JavaScript to be executed in the user's browser. The impact of this vulnerability is believed to be low, as this module is intended for testin...

CVSS 4.3 · AI score 3.3 · EPSS 0.00936
Exploits: 1 · References: 3
Veracode · added 2020/10/09 12:48 a.m. · 14 views

Cross-site Scripting (XSS)

hapi-fhir-testpage-overlay is vulnerable to cross-site scripting (XSS). The vulnerability exists due to the lack of sanitization of the PARAMRESOURCE value when processing requests in several controllers...

CVSS 6.1 · AI score 2.1 · EPSS 0.00936
Exploits: 1 · References: 3 · Affected software: 1
OSV · added 2020/10/08 2:15 p.m. · 16 views

CVE-2020-24301

Users of the HAPI FHIR Testpage Overlay 5.0.0 and below can use a specially crafted URL to exploit an XSS vulnerability in this module, allowing arbitrary JavaScript to be executed in the user's browser. The impact of this vulnerability is believed to be low, as this module is intended for testin...

CVSS 6.1 · AI score 6 · EPSS 0.00936
Exploits: 1 · References: 1
NVD · added 2020/10/08 2:15 p.m. · 8 views

CVE-2020-24301

Users of the HAPI FHIR Testpage Overlay 5.0.0 and below can use a specially crafted URL to exploit an XSS vulnerability in this module, allowing arbitrary JavaScript to be executed in the user's browser. The impact of this vulnerability is believed to be low, as this module is intended for testin...

CVSS 6.1 · EPSS 0.00936
Exploits: 1 · References: 1
Prion · added 2020/10/08 2:15 p.m. · 12 views

Design/Logic Flaw

Users of the HAPI FHIR Testpage Overlay 5.0.0 and below can use a specially crafted URL to exploit an XSS vulnerability in this module, allowing arbitrary JavaScript to be executed in the user's browser. The impact of this vulnerability is believed to be low, as this module is intended for testin...

CVSS 4.3 · AI score 6 · EPSS 0.00936
Exploits: 1 · References: 1 · Affected software: 1
CVE · added 2020/10/08 1:20 p.m. · 56 views

CVE-2020-24301

The CVE-2020-24301 entry concerns the HAPI FHIR Testpage Overlay (v5.0.0 and below) with a cross-site scripting (XSS) vulnerability. Multiple connected sources (e.g., Veracode, Red Hat, NVD, OSV, and GitLab repo artifact) identify that the issue arises from lack of sanitization of the PARAM_RESOU...

CVSS 6.1 · AI score 6 · EPSS 0.00936
Exploits: 1 · References: 1 · Affected software: 1
Cvelist · added 2020/10/08 1:20 p.m. · 17 views

CVE-2020-24301

Users of the HAPI FHIR Testpage Overlay 5.0.0 and below can use a specially crafted URL to exploit an XSS vulnerability in this module, allowing arbitrary JavaScript to be executed in the user's browser. The impact of this vulnerability is believed to be low, as this module is intended for testin...

AI score 6.1 · EPSS 0.00936
Exploits: 1 · References: 1
GitLab Advisory Database · added 2020/10/08 12:00 a.m. · 24 views

Cross-site Scripting

Users of the HAPI FHIR Testpage Overlay can use a specially crafted URL to exploit an XSS vulnerability in this module, allowing arbitrary JavaScript to be executed in the user's browser. The impact of this vulnerability is believed to be low, as this module is intended for testing and not believ...

CVSS 6.1 · AI score 3.3 · EPSS 0.00936
Exploits: 1 · References: 1 · Affected software: 1
vulnersOsv · added 2020/09/11 9:20 p.m. · 2 views

@activeledger/activecore (>=2.0.0-rc5 <=2.0.0-rc.8.0.6), @aktr/node-module-a (=1.0.1) +196 more potentially affected by unknown CVE via swagger-ui (>=2.0.17 <=3.20.7)

swagger-ui NPM version =2.0.17, =2.0.0-rc5, =1.4.0, =0.0.4, =1.0.2, =7.0.0, =1.3.0, =3.0.0-alpha.0, =0.7.2, =3.0.1, =2.0.0, =0.0.1, =0.2.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-4F9M-PXWH-68HG...

AI score 5.8
Exploits: 0
Github Security Blog · added 2020/09/04 5:58 p.m. · 18 views

Denial of Service in @commercial/ammo

Versions of @commercial/ammo prior to 2.1.1 are vulnerable to Denial of Service. The Range HTTP header parser has a vulnerability which will cause the function to throw a system error if the header is set to an invalid value. Because hapi is not expecting the function to ever throw, the error is...

AI score 3.2
Exploits: 0 · References: 2 · Affected software: 1
OSV · added 2020/09/04 5:58 p.m. · 8 views

GHSA-RHC3-76JW-4F2X Denial of Service in @commercial/ammo

Versions of @commercial/ammo prior to 2.1.1 are vulnerable to Denial of Service. The Range HTTP header parser has a vulnerability which will cause the function to throw a system error if the header is set to an invalid value. Because hapi is not expecting the function to ever throw, the error is...

AI score 7
Exploits: 0 · References: 1
OSV · added 2020/09/04 5:56 p.m. · 15 views

GHSA-22H7-7WWG-QMGG Prototype Pollution in @hapi/hoek

Versions of @hapi/hoek prior to 8.5.1 and 9.0.3 are vulnerable to Prototype Pollution. The clone function fails to prevent the modification of the Object prototype when passed specially-crafted input. Attackers may use this to change existing properties that exist in all objects, which may lead t...

AI score 7.8
Exploits: 0 · References: 1
Github Security Blog · added 2020/09/04 5:56 p.m. · 26 views

Prototype Pollution in @hapi/hoek

Versions of @hapi/hoek prior to 8.5.1 and 9.0.3 are vulnerable to Prototype Pollution. The clone function fails to prevent the modification of the Object prototype when passed specially-crafted input. Attackers may use this to change existing properties that exist in all objects, which may lead t...

AI score 3.7
Exploits: 0 · References: 2 · Affected software: 1
Github Security Blog · added 2020/09/04 5:33 p.m. · 21 views

Cross-Site Scripting in @hapi/boom

Versions of @hapi/boom prior to 0.3.8 are vulnerable to cross-site scripting (XSS). The package fails to properly escape error messages, which may allow attackers to execute arbitrary JavaScript in a victim's browser. Recommendation: upgrade to version 0.3.8 or later...

AI score 6.7
Exploits: 0 · References: 4 · Affected software: 1