12 matches found
EUVD-2019-0680
Malware in sbrugna...
CVE-2019-5479
An unintended require vulnerability in...
Unintended Require in larvitbase-api
Versions of larvitbase-api prior to 0.5.4 are vulnerable to an Unintended Require. The package exposes an API endpoint and passes an unsanitized GET parameter to a require call. This allows attackers to execute any .js file in the same folder as the server is running. Recommendation Upgrade to...
GHSA-XF27-JQWV-GF3R Unintended Require in larvitbase-api
Versions of larvitbase-api prior to 0.5.4 are vulnerable to an Unintended Require. The package exposes an API endpoint and passes an unsanitized GET parameter to a require call. This allows attackers to execute any .js file in the same folder as the server is running. Recommendation Upgrade to...
larvitlog (>=0.1.0 <=0.3.4), larvituser-api (>=0.2.0 <=0.4.0) potentially affected by CVE-2019-5479 via larvitbase-api (>=0.2.2 <=0.5.1)
larvitbase-api NPM version =0.2.2, =0.1.0, =0.2.0, =0.4.0 Source cves: CVE-2019-5479 Source advisory: OSV:GHSA-XF27-JQWV-GF3R...
CVE-2019-5479
An unintended require vulnerability in v0.5.5 larvitbase-api may allow an attacker to load arbitrary non-production code JavaScript file...
CVE-2019-5479
An unintended require vulnerability in v0.5.5 larvitbase-api may allow an attacker to load arbitrary non-production code JavaScript file...
CVE-2019-5479
An unintended require vulnerability in v0.5.5 larvitbase-api may allow an attacker to load arbitrary non-production code JavaScript file...
CVE-2019-5479
CVE-2019-5479 affects larvitbase-api (node package). Versions prior to 0.5.4 allow an Unintended Require where an exposed API endpoint passes a GET parameter to a require() call, enabling an attacker to load and execute arbitrary JavaScript files present in the server directory. Public descriptio...
Local File Inclusion
larvitbase-api is vulnerable to local file inclusion. The package uses an exposed API endpoint that accepts an unvalidated GET parameter to a require function call. This could potentially allow a remote attacker to execute any .js files within the web server. Successful exploitation causes the...
Unintended Require
Overview Versions of larvitbase-api prior to 0.5.4 are vulnerable to an Unintended Require. The package exposes an API endpoint and passes an unsanitized GET parameter to a require call. This allows attackers to execute any .js file in the same folder as the server is running. Recommendation...
Node.js third-party modules: [larvitbase-api] Unintended Require
I would like to report an Unintended Require vulnerability in larvitbase-api. It allows loading arbitrary non-production code js files. Module module name: larvitbase-api version: 0.5.3 npm page: https://www.npmjs.com/package/larvitbase-api Module Description REST http API base framework based on...