31 matches found
Astra Linux - vulnerability in highlight.js
Highlight.js is a syntax highlighter written in JavaScript. Versions of Highlight.js prior to 9.18.2 and 10.1.2 are vulnerable to “Prototype Pollution”. A malicious HTML code block can cause the base object’s prototype to be polluted during highlighting. If you allow users to insert custom HTML...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Highlight.js vulnerability (USN-8276-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8276-1 advisory. It was discovered that Highlight.js used plain JavaScript objects for internal language name lookups, making them susceptible to prototype...
USN-8276-1 Highlight.js vulnerability
It was discovered that Highlight.js used plain JavaScript objects for internal language name lookups, making them susceptible to prototype pollution attacks. An attacker could use this to cause a denial of service or unexpected application behaviour...
USN-8276-1: Highlight.js vulnerability
It was discovered that Highlight.js used plain JavaScript objects for internal language name lookups, making them susceptible to prototype pollution attacks. An attacker could use this to cause a denial of service or unexpected application behaviour...
EUVD-2020-1472
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2020-26237
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Highlight.js is a syntax highlighter written in JavaScript. Highlight.js versions before 9.18.2 and 10.1.2 are vulnerable to Prototype Pollution. A malicious HT...
Malicious code in @n37scancp/highlight.js (npm)
Source: ossf-package-analysis 944af106fc0b2a334ed1ab4fb6784a0b2cc01e5f795b1de3449b8deaf6560b50 The OpenSSF Package Analysis project identified '@n37scancp/highlight.js' @ 11.11.12 npm as malicious. It is considered malicious because: - The...
K000148605: Highlight.js vulnerability CVE-2020-26237
Security Advisory Description Highlight.js is a syntax highlighter written in JavaScript. Highlight.js versions before 9.18.2 and 10.1.2 are vulnerable to Prototype Pollution. A malicious HTML code block can be crafted that will result in prototype pollution of the base object's prototype during...
K62444703: Multiple MySQL vulnerabilities CVE-2022-21455 and CVE-2022-21509
Security Advisory Description CVE-2022-21455 Vulnerability in the MySQL Server product of Oracle MySQL component: Server: PAM Auth Plugin. Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...
SUSE CVE-2020-26237
Highlight.js is a syntax highlighter written in JavaScript. Highlight.js versions before 9.18.2 and 10.1.2 are vulnerable to Prototype Pollution. A malicious HTML code block can be crafted that will result in prototype pollution of the base object's prototype during highlighting. If you allow use...
MAL-2022-3631 Malicious code in highlighjtjs (npm)
Source: ghsa-malware 89392e404d8e54d10e6ed43abbd5ba46eadb858ed9610e623f9f19c6a25761ef Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Debian DLA-2511-1 : highlight.js security update
An issue has been found in highlight.js, a JavaScript library for syntax highlighting. If a website or application renders user provided data it might be affected by a Prototype Pollution. This might result in strange behavior or crashes of applications that do not correctly handle unknown...
Debian: Security Advisory (DLA-2511-1)
The remote host is missing an update for the Debian...
[SECURITY] [DLA 2511-1] highlight.js security update
Debian LTS Advisory DLA-2511-1 https://www.debian.org/lts/security/ Thorsten Alteholz December 30, 2020 https://wiki.debian.org/LTS ...
DLA-2511-1 highlight.js - security update
Bulletin has no description...
Regular Expression Denial Of Service (ReDoS)
highlight.js is vulnerable to regular expression denial of service (ReDoS). The vulnerability exists through the grammars used by the parser during highlightAuto...
ReDOS vulnerabilities: multiple grammars
Impact: Potential ReDOS vulnerabilities (exponential and polynomial RegEx backtracking). OWASP: The Regular expression Denial of Service (ReDoS) is a Denial of Service attack, that exploits the fact that most Regular Expression implementations may reach extreme situations that cause them to work very...
Prototype Pollution
Highlight.js is vulnerable to prototype pollution. The attacker is able to get control of the value of “path” and modify attributes such as __proto__, constructor and prototype...
CVE-2020-26237
A flaw was found in nodejs-highlight-js. Highlight.js is vulnerable to Prototype Pollution. A malicious HTML code block can be crafted that will result in prototype pollution of the base object's prototype during highlighting...
CVE-2020-26237
Highlight.js is a syntax highlighter written in JavaScript. Highlight.js versions before 9.18.2 and 10.1.2 are vulnerable to Prototype Pollution. A malicious HTML code block can be crafted that will result in prototype pollution of the base object's prototype during highlighting. If you allow use...