6 matches found
CVE-2022-37602
Prototype pollution vulnerability in karma-runner grunt-karma 4.0.1 via the key variable in grunt-karma.js...
@chinchilla-software/angular-tooltip (=1.2.1), @creatartis/creatartis-grunt (>=0.0.16-alpha <=0.0.16-beta) +84 more potentially affected by CVE-2022-37602 via grunt-karma (>=0.10.1 <=3.0.2)
grunt-karma NPM version =0.10.1, =0.0.16-alpha, =6.0.0, =2.0.9, =4.8.13, =5.1.4, =1.0.0, =3.3.15, =2.6.0, =0.1.7, =0.0.1, =0.0.1, =1.0.0 - @sap/grunt-sapui5-bestpractice-build =1.3.52 and more Source cves: CVE-2022-37602 Source advisory: OSV:GHSA-HCJ4-XF6X-63WJ...
@abc.xyz/drop-down-treeview (>=0.0.15 <=0.0.16), @abcpros/bitcore-build (>=8.25.29 <=8.25.30) +1332 more potentially affected by CVE-2021-23495 via karma (>=0.10.2 <=6.3.14)
karma NPM version =0.10.2, =0.0.15, =8.25.29, =1.0.0, =0.1.1, =0.1.14, =1.0.2, =1.0.0, =1.2.0, =0.2.0-preview.3, =5.0.0, =0.23.0, =2.3.0, =2.11.0 and more Source cves: CVE-2021-23495 Source advisory: OSV:GHSA-RC3X-JF5G-XVC5...
@carlosvillu/tester (>=1.0.0 <=1.0.0-beta.1), @domestika/tester (>=1.0.0-beta.0 <=1.9.0) +46 more potentially affected by CVE-2021-23495 via karma (>=6.1.1 <=6.3.14)
karma NPM version =6.1.1, =1.0.0, =1.0.0-beta.0, =13.0.3, =430.0.0, =3.7.0, =3.7.0, =3.7.0, =3.7.0, =5.0.0-beta.0, =0.0.0, =0.1.0, =0.6.1 - angular-onscreen-keyboard-new =0.2.0 - angular-virtual-keys =0.3.0 and more Source cves: CVE-2021-23495 Source advisory: SNYK:JS-KARMA-2396325...
Open Redirect
Overview karma is a simple tool that allows you to execute JavaScript code in multiple real browsers. Affected versions of this package are vulnerable to Open Redirect due to missing validation of the returnurl query parameter. Remediation Upgrade karma to version 6.3.16 or higher. References -...
@abc.xyz/drop-down-treeview (>=0.0.15 <=0.0.16), @abcpros/bitcore-build (>=8.25.29 <=8.25.30) +1332 more potentially affected by CVE-2022-0437 via karma (>=0.10.2 <=6.3.13)
karma NPM version =0.10.2, =0.0.15, =8.25.29, =1.0.0, =0.1.1, =0.1.14, =1.0.2, =1.0.0, =1.2.0, =0.2.0-preview.3, =5.0.0, =0.23.0, =2.3.0, =2.11.0 and more Source cves: CVE-2022-0437 Source advisory: OSV:GHSA-7X7C-QM48-PQ9C...