PT-2024-19582 · Akaunting · Akaunting

Name of the Vulnerable Software and Affected Versions: Akaunting versions 3.1.3 and earlier Description: An OS command injection issue exists, allowing an attacker to manipulate the company locale during app installation to execute system commands on the hosting server. Recommendations: For...

Moment.js: Path traversal in moment.locale

A path traversal vulnerability was found in Moment.js that impacts npm server users. This issue occurs if a user-provided locale string is directly used to switch moment locale, which an attacker can exploit to change the correct path to one of their choice. This can result in a loss of integrity...