14 matches found
Malicious code in helium-module (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 643f63c743fd06fb24cb2d488e001ce0efab3f0d82014801ea2eebad96041692 The package helium-module was found to contain malicious code. Source: ghsa-malware d34558c0d1e56c0103ad087e485e142f3918050a1b0bdc15fc7e7b46c1a2ae1f...
EUVD-2026-2405
Malicious code in helium-module npm...
Malicious Package
Overview helium-module is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-244 Malicious code in helium-module (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 643f63c743fd06fb24cb2d488e001ce0efab3f0d82014801ea2eebad96041692 The package helium-module was found to contain malicious code. Source: ghsa-malware d34558c0d1e56c0103ad087e485e142f3918050a1b0bdc15fc7e7b46c1a2ae1f...
GHSA-P288-459W-JXJ6 Apache Zeppelin: XSS in the Helium module
Incomplete Blacklist to Cross-Site Scripting vulnerability in Apache Zeppelin. This issue affects Apache Zeppelin: before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue...
Apache Zeppelin: XSS in the Helium module
Incomplete Blacklist to Cross-Site Scripting vulnerability in Apache Zeppelin. This issue affects Apache Zeppelin: before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue...
Cross-site Scripting (XSS)
Overview org.apache.zeppelin:zeppelin-web is a web-based notebook. Affected versions of this package are vulnerable to Cross-site Scripting XSS via insufficient input validation in the Helium module. An attacker can execute arbitrary scripts in the context of the user's browser by injecting...
CVE-2024-41177 Apache Zeppelin: XSS in the Helium module
Incomplete Blacklist to Cross-Site Scripting vulnerability in Apache Zeppelin. This issue affects Apache Zeppelin: before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue...
CVE-2024-41177 Apache Zeppelin: XSS in the Helium module
Incomplete Blacklist to Cross-Site Scripting vulnerability in Apache Zeppelin. This issue affects Apache Zeppelin: before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue...
Cross-site Scripting (XSS)
Apache Zeppelin is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper encoding or escaping of output in the helium module. An attacker can modify helium.json and perform attacks on normal users by injecting malicious scripts...
Apache Zeppelin vulnerable to cross-site scripting in the helium module
Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. Attackers can modify helium.json and perform cross-site scripting attacks on normal users. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the...
GHSA-RRVF-5W4R-3X7V Apache Zeppelin vulnerable to cross-site scripting in the helium module
Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. Attackers can modify helium.json and perform cross-site scripting attacks on normal users. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the...
CVE-2024-31868 Apache Zeppelin: XSS vulnerability in the helium module
Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can modify helium.json and exposure XSS attacks to normal users. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue...
CVE-2024-31868 Apache Zeppelin: XSS vulnerability in the helium module
Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can modify helium.json and exposure XSS attacks to normal users. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue...