Improper Neutralization of CRLF Sequences in HTTP Headers in Jooby ('HTTP Response Splitting)

Impact - Cross Site Scripting - Cache Poisoning - Page Hijacking Patches This was fixed in version 2.2.1. Workarounds If you are unable to update, ensure that user supplied data isn't able to flow to HTTP headers. If it does, pre-sanitize for CRLF characters. References CWE-113: Improper...

GHSA-H47J-HC6X-H3QQ Remote Code Execution Vulnerability in NPM mongo-express

Impact Remote code execution on the host machine by any authenticated user. Proof Of Concept Launching mongo-express on a Mac, pasting the following into the "create index" field will pop open the Mac calculator: javascript this.constructor.constructor"return...