56 matches found
AZL-65606 CVE-2025-7783 affecting package js-jquery 3.5.0-4
Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated with program files lib/formdata.Js. This issue affects form-data: 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3...
Azure Linux 3.0 Security Update: js-jquery (CVE-2019-20149)
The version of js-jquery installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2019-20149 advisory. - ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attribute...
Fedora 37 : js-jquery-ui (2022-7291b78111)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-7291b78111 advisory. A flaw was found in the jquery-UI package. Affected versions of this package are vulnerable to Cross-site scripting XSS attack via the initializatio...
AZL-52587 CVE-2024-21538 affecting package js-jquery 3.5.0-4
Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string...
AZL-52548 CVE-2024-21538 affecting package js-jquery 3.5.0-4
Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string...
AZL-50073 CVE-2024-47764 affecting package js-jquery 3.5.0-4
cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. A similar escape can be used for path and domain, which could be abused to alter other fields of the cookie. Upgrade to...
CBL Mariner 2.0 Security Update: js-jquery (CVE-2019-20149)
The version of js-jquery installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2019-20149 advisory. - ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attribute...
CVE-2019-20149 affecting package js-jquery for versions less than 3.5.0-4
CVE-2019-20149 affecting package js-jquery for versions less than 3.5.0-4. A patched version of the package is available...
CVE-2019-20149 affecting package js-jquery for versions less than 3.5.0-4
CVE-2019-20149 affecting package js-jquery for versions less than 3.5.0-4. A patched version of the package is available...
AZL-45066 CVE-2024-37890 affecting package js-jquery 3.5.0-4
ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding theserver.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in [email protected] e55e510 and backported to [email protected] 22c2876, [email protected] eeb76d3, and [email protected]...
AZL-44493 CVE-2024-28849 affecting package js-jquery 3.5.0-4
follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. In affected versions follow-redirects only clears authorization header during cross-domain redirect, but keep the proxy-authentication header which contains credentials...
AZL-43861 CVE-2024-28849 affecting package js-jquery 3.5.0-4
follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. In affected versions follow-redirects only clears authorization header during cross-domain redirect, but keep the proxy-authentication header which contains credentials...
AZL-45348 CVE-2023-26159 affecting package js-jquery 3.5.0-4
Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse function. When new URL throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect...
AZL-45126 CVE-2017-20162 affecting package js-jquery 3.5.0-4
A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has...
Fedora 36 : js-jquery-ui (2022-1a01ed37e2)
The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-1a01ed37e2 advisory. A flaw was found in the jquery-UI package. Affected versions of this package are vulnerable to Cross-site scripting XSS attack via the initializatio...
AZL-45051 CVE-2022-24999 affecting package js-jquery 3.5.0-4
qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an proto key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string ...
AZL-44820 CVE-2022-41940 affecting package js-jquery 3.5.0-4
Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the engine.io...
Fedora: Security Advisory for js-jquery-ui (FEDORA-2022-7291b78111)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for js-jquery-ui (FEDORA-2022-1a01ed37e2)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for js-jquery-ui (FEDORA-2022-22d8ba36d0)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...