EUVD-2022-1210

Malicious code in bioql PyPI...

Code Injection in jsen

This affects all versions of package jsen. If an attacker can control the schema file, it could run arbitrary JavaScript code on the victim machine. In the module description and README file there is no mention about the risks of untrusted schema files, so it is assumed that this is applicable. I...

@amphro/streamer (>=0.0.0 <=1.0.1), @appirio/demo-scoped-pkg (>=2.4.1 <=2.8.0) +297 more potentially affected by CVE-2020-7777 via jsen (>=0.1.2 <=0.6.6)

jsen NPM version =0.1.2, =0.0.0, =2.4.1, =0.5.9, =0.1.0, =1.0.0, =0.6.9, =1.0.0, =1.0.0, =1.0.0, =2.2.3, =0.0.1, =0.1.0, =0.0.7, =1.4.0, =13.6.18 and more Source cves: CVE-2020-7777 Source advisory: OSV:GHSA-VM64-CFQX-3698...

GHSA-VM64-CFQX-3698 Code Injection in jsen

This affects all versions of package jsen. If an attacker can control the schema file, it could run arbitrary JavaScript code on the victim machine. In the module description and README file there is no mention about the risks of untrusted schema files, so it is assumed that this is applicable. I...

CVE-2020-7777

This affects all versions of package jsen. If an attacker can control the schema file, it could run arbitrary JavaScript code on the victim machine. In the module description and README file there is no mention about the risks of untrusted schema files, so I assume that this is applicable. In...

CVE-2020-7777

CVE-2020-7777 affects all versions of the npm package jsen. A vulnerability arises when an attacker can supply a schema file whose required field is not properly sanitized; the constructed string based on the schema is passed to Function.apply(), enabling Arbitrary Code Execution on the victim ma...

CVE-2020-7777 Arbitrary Code Execution

This affects all versions of package jsen. If an attacker can control the schema file, it could run arbitrary JavaScript code on the victim machine. In the module description and README file there is no mention about the risks of untrusted schema files, so I assume that this is applicable. In...

Bugventure Jsen Security Breach

Bugventure Jsen is a Js package for verifying Json objects from the Bugventure personal developer. A security vulnerability exists in jsen that can be exploited by an attacker to take control of a schema file, which can then be used to run arbitrary JavaScript code on the victim machine...

@amphro/streamer (>=0.0.0 <=1.0.1), @appirio/demo-scoped-pkg (>=2.4.1 <=2.8.0) +297 more potentially affected by CVE-2020-7777 via jsen (>=0.1.2 <=0.6.6)

jsen NPM version =0.1.2, =0.0.0, =2.4.1, =0.5.9, =0.1.0, =1.0.0, =0.6.9, =1.0.0, =1.0.0, =1.0.0, =2.2.3, =0.0.1, =0.1.0, =0.0.7, =1.4.0, =13.6.18 and more Source cves: CVE-2020-7777 Source advisory: SNYK:JS-JSEN-1014670...