7 matches found
ljharb qs security vulnerability
ljharb qs is a query string parser with nesting support by Jordan Harband, an individual developer in the United States. A security vulnerability exists in ljharb qs versions prior to 6.14.1 that stems from improper input validation and could lead to an HTTP denial of service attack...
EUVD-2020-0380
Malware in sbrugna...
EUVD-2022-1409
Malicious code in bioql PyPI...
Security Bulletin: IBM Spectrum Discover is vulnerable to multiple vulnerabilities
Summary: Ramda CVE-2021-42581 is vulnerable to remote attackers to execute arbitrary code on the system, caused by a prototype pollution in functions. An attacker could exploit this vulnerability to execute arbitrary code on the system. Node-forge CVE-2022-24773, 217313, CVE-2022-24771, CVE-2020-772...
CVE-2022-0841 OS Command Injection in ljharb/npm-lockfile
OS Command Injection in GitHub repository ljharb/npm-lockfile in v2.0.3 and v2.0.4...
CVE-2022-0841
CVE-2022-0841 concerns OS command injection in ljharb/npm-lockfile (GitHub: npm-lockfile) for versions 2.0.3 and 2.0.4. The Red Hat entry notes a flaw where npm-lockfile v2 did not sanitize the only parameter before invoking a sensitive command execution API, enabling command injection. Other sou...
CVE-2017-1000048
CVE-2017-1000048 applies to ljharb’s qs module; older versions v6.0.4, v6.1.2, v6.2.3 and v6.3.1 (i.e., older than v6.3.2) are vulnerable to a DoS where a malicious request can crash the application. The connected documents corroborate a Denial of Service impact via input handling in qs, and indi...