EUVD-2021-0801
Malware in sbrugna...
EUVD-2021-0767
Malware in sbrugna...
EUVD-2023-1537
Malicious code in bioql PyPI...
CVE-2023-2583
Code Injection in GitHub repository jsreport/jsreport prior to 3.11.3...
CVE-2020-8128
Unintended require and server-side request forgery vulnerabilities in jsreport version 2.5.0 and earlier allow attackers to execute arbitrary code...
GHSA-G7RJ-Q722-245G jsreport vulnerable to code injection
jsreport prior to 3.11.3 had a version of vm2 vulnerable to CVE-2023-29017 hard coded in the package.json of the jsreport-core component. An attacker can use this vulnerability to obtain the authority of the jsreport playground server, or construct a malicious webpage/html file and send it to the...
@karmalicious/nodejs-drivers (>=2.0.0 <=8.0.0), azupck (>=1.1.72 <=1.4.4) +13 more potentially affected by CVE-2023-2583 via jsreport (>=1.10.0 <=2.11.0)
jsreport NPM version =1.10.0, =2.0.0, =1.1.72, =1.0.28, =1.8.1, =1.0.1, =0.0.1, =1.0.0, =1.0.80, =1.1.36, =2.14.0, =2.30.0 Source cves: CVE-2023-2583 Source advisory: OSV:GHSA-G7RJ-Q722-245G...
CVE-2023-2583
CVE-2023-2583 affects jsreport/jsreport prior to 3.11.3. The root cause is a hardcoded vulnerable vm2 version in the jsreport-core package’s package.json, enabling code injection. Reported impact is code execution with high severity; in practice, exploitation appears tied to the vulnerable vm2 in...
jsreport code injection vulnerability
jsreport is a report server that allows developers to define reports using javascript template engines such as handlebars. A code injection vulnerability exists in jsreport versions prior to 3.11.3. An attacker could exploit this vulnerability to perform a code injection attack...
PT-2023-20335 · Vm2 +1 · Vm2 +1
Name of the Vulnerable Software and Affected Versions: jsreport versions prior to 3.11.3 Description: The issue is related to code injection in the jsreport GitHub repository. An attacker can exploit this to obtain authority over the jsreport playground server or construct a malicious webpage/htm...
CVE-2023-2583 Code Injection in jsreport/jsreport
Code Injection in GitHub repository jsreport/jsreport prior to 3.11.3...
An outdated dependency leads to a remote command execution vulnerability
Description: A few days ago, a sandbox escape vulnerability was found in the vm2 module of nodejs, which was officially fixed in v3.9.15. However, a fixed vm2 version (3.9.11) is hard-coded in the package.json of the jsreport-core component of jsreport, which makes it impossible to install the latest vm2...
@khoazero123/hummus-recipe (=2.0.1), @mauriciocc/hummus-recipe (=2.0.1-node-16) +5 more potentially affected by CVE-2022-39381 via muhammara (>=1.10.0 <=2.0.0)
muhammara NPM version =1.10.0, =2.0.0, =1.10.25, =1.0.0, =1.0.4 Source cves: CVE-2022-39381 Source advisory: OSV:GHSA-RCRX-FPJP-MFRW...
@fusuma/task-pdf (>=1.2.0 <=1.16.0), @infosupport/kc-cli (>=2.2.0 <=3.1.0) +10 more potentially affected by CVE-2022-39381 via hummus (>=1.0.104 <=1.0.110)
hummus NPM version =1.0.104, =1.2.0, =2.2.0, =1.0.0, =1.0.50, =0.0.10, =2.0.0, =1.0.0, =0.1.0, =0.1.2, =2.2.0, =0.0.7, =0.0.8 Source cves: CVE-2022-39381 Source advisory: OSV:GHSA-RCRX-FPJP-MFRW...
@fusuma/task-pdf (>=1.2.0 <=1.16.0), @infosupport/kc-cli (>=2.2.0 <=3.1.0) +10 more potentially affected by CVE-2022-25892 via hummus (>=1.0.104 <=1.0.110)
hummus NPM version =1.0.104, =1.2.0, =2.2.0, =1.0.0, =1.0.50, =0.0.10, =2.0.0, =1.0.0, =0.1.0, =0.1.2, =2.2.0, =0.0.7, =0.0.8 Source cves: CVE-2022-25892 Source advisory: OSV:GHSA-9CV5-4WQV-9W94...
GHSA-5FJJ-CFH2-GHC5 Server-Side Request Forgery and Inclusion of Functionality from Untrusted Control Sphere in jsreport
Unintended require and server-side request forgery vulnerabilities in jsreport version 2.5.0 and earlier allow attackers to execute arbitrary code...