30 matches found

CNNVD
added 2024/09/10 12:0 a.m., 1 views

IBM OpenPages security vulnerability

IBM OpenPages is an AI-driven, highly scalable governance, risk and compliance (GRC) solution from International Business Machines (IBM). A security vulnerability exists in IBM OpenPages versions 8.3 and 9.0 that stems from the potential to disclose information about client source code to unauthorize...

CVSS 4.3, AI score 6.4, EPSS 0.00123
Exploits 0, References 3
IBM Security Bulletins
added 2024/09/09 9:26 p.m., 13 views

Security Bulletin: IBM OpenPages exposes client-side source code through use of JavaScript source maps (CVE-2024-27257)

Summary: A vulnerability caused by exposure of information about IBM OpenPages client-side source code through use of JavaScript source maps to unauthorized users is addressed. Vulnerability Details: CVEID: CVE-2024-27257. DESCRIPTION: IBM OpenPages potentially exposes information about client-side...

CVSS 4.3, AI score 4.4, EPSS 0.00123
Exploits 0, Affected Software 1
CNNVD
added 2022/03/11 12:0 a.m., 2 views

FreeTAKServer-UI information disclosure vulnerability

FreeTAKServer-UI is an open source FTS web interface from the FreeTAKTeam. FreeTAKServer-UI has an information disclosure vulnerability that stems from the fact that the WebUI leaks the RestAPI and Websocket tokens in the JavaScript source code, which can be exploited by an attacker to cause a...

CVSS 7.5, AI score 5.3, EPSS 0.00265
Exploits 1, References 2
OSV
added 2021/01/06 9:15 p.m., 0 views

CVE-2020-29041

A misconfiguration in Web-Sesame 2020.1.1.3375 allows an unauthenticated attacker to download the source code of the application, facilitating its comprehension (code review). Specifically, JavaScript source maps were inadvertently included in the production Webpack configuration. These maps contai...

CVSS 5.3, AI score 5.8
Exploits 0, References 2
NVD
added 2021/01/06 9:15 p.m., 10 views

CVE-2020-29041

A misconfiguration in Web-Sesame 2020.1.1.3375 allows an unauthenticated attacker to download the source code of the application, facilitating its comprehension (code review). Specifically, JavaScript source maps were inadvertently included in the production Webpack configuration. These maps contai...

CVSS 5.3, AI score 5.5, EPSS 0.00704
Exploits 1, References 2
Hacker One
added 2019/07/09 11:30 p.m., 31 views

Trint Ltd: Insecure Zendesk SSO implementation by generating JWT client-side

Summary: app.trint.com implements SSO to Zendesk, it does this by using JWT as described at https://support.zendesk.com/hc/en-us/articles/203663816-Enabling-JWT-JSON-Web-Token-single-sign-on. This functionality has not been implemented securely because the JWT generation happens in the client-side...

AI score 7
Exploits 0
Hacker One
added 2018/01/21 5:17 p.m., 803 views

RubyGems: Cross-Domain JavaScript Source File Inclusion

The page includes one or more script files from a third-party domain. XSSI is a fancy way of saying: you are including in your program someone else's code; you don't have any control over what is in that code, and you don't have any control over the security of the server on which it is hosted...

AI score 7
Exploits 0
Prion
added 2017/05/28 8:29 p.m., 14 views

Null pointer dereference

The lexer_process_char_literal function in jerry-core/parser/js/js-lexer.c in JerryScript 1.0 does not skip memory allocation for empty strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via malformed JavaScript source code, related to...

CVSS 5, AI score 7.2, EPSS 0.02382
Exploits 1, References 4, Affected Software 1
NVD
added 2017/05/28 8:29 p.m., 14 views

CVE-2017-9250

The lexer_process_char_literal function in jerry-core/parser/js/js-lexer.c in JerryScript 1.0 does not skip memory allocation for empty strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via malformed JavaScript source code, related to...

CVSS 7.5, AI score 7.5, EPSS 0.02382
Exploits 1, References 4
rapid7community
added 2017/05/24 2:29 p.m., 19 views

What are Javascript Source Maps?

It's generally a good practice to minify and combine your assets (JavaScript & CSS) when deploying to production. This process reduces the size of your assets and dramatically improves your website's load time. Source maps create a map from these compressed asset files back to the source files. This...

AI score 6.8
Exploits 0