7 matches found
MAL-2024-8831 Malicious code in indrive-web (npm)
Source: ghsa-malware (011bd3f8ccaeb08ace40949b5860fb7a582858cf482c46f4e615b2b2db087e18). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
inDrive: Change phone number OTP flaw leads to any phone number takeover
Vulnerability description not provided...
Malicious code in @indrive.io/my-test-package (npm)
inDrive: SSRF in https://couriers.indrive.com/api/file-storage
A server-side request forgery vulnerability was present in the url parameter of the https://couriers.indrive.com/api/file-storage endpoint, allowing arbitrary external websites to be requested and their content returned in responses...
inDrive: #2 XSS on watchdocs.indriverapp.com
An XSS vulnerability was discovered on watchdocs.indriverapp.com. The vulnerability allowed execution of JavaScript in the user's browser...
inDrive: Rider can forcefully get passenger's order accepted resulting in multiple impacts including PII reveal and more mentioned in the report.
A vulnerability was found in the customer order flow that allowed a driver to forcefully accept an order on behalf of a passenger, bypassing the normal negotiation process. This allowed the driver to set the ride price without following the built-in fare calculation algorithm...
inDrive: Full access to InDrive jira panel via exposed API token
The Jira API token was exposed in a GitHub repository, allowing unauthorized access to the InDrive Atlassian panel and sensitive information stored in Jira...