29 matches found
EUVD-2022-0513
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-21704
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - log4js-node is a port of log4js to node.js. In affected versions default file permissions for log files created by the file, fileSync and dateFile appenders are...
MAL-2025-25523 Malicious code in log4js-vue-log-bus (npm)
The package log4js-vue-log-bus was found to contain malicious code...
Malicious code in log4js-vue-log-bus (npm)
The package log4js-vue-log-bus was found to contain malicious code...
CVE-2022-21704
log4js-node is a port of log4js to node.js. In affected versions default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable in unix. This could cause problems if log files contain sensitive information. This would affect any users that have not...
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs
Summary: Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 3.6.2. Vulnerability Details: CVEID: CVE-2022-25901 DESCRIPTION: Node.js cookiejar module is vulnerable to a denial of service, caused by an insecure regular expression in the Cookie.parse function. A remote attack...
DLA-3229-1 node-log4js - security update
Bulletin has no description...
Debian: Security Advisory (DLA-3229-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian dla-3229 : node-log4js - security update
The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3229 advisory. Debian LTS Advisory DLA-3229-1 [email protected] https://www.debian.org/lts/security/...
[SECURITY] [DLA 3229-1] node-log4js security update
Debian LTS Advisory DLA-3229-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta December 07, 2022 https://wiki.debian.org/LTS -...
Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to log4js-node CVE-2022-21704
Summary: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to log4js-node CVE-2022-21704, with details below. Vulnerability Details: CVEID: CVE-2022-21704 DESCRIPTION: log4js-node module for Node.js could allow a local authenticated attacker to obtain sensitive...
A vulnerability in the log4js-node logging library, related to deficiencies in access control, allows attackers to gain access to confidential information.
The vulnerability in the log4js-node logging library is related to deficiencies in access control for directories. Exploiting this vulnerability could allow attackers to gain access to confidential information stored in logs generated by the file, fileSync, and dateFile appenders...
GHSA-82V2-MX6X-WQ7Q Incorrect Default Permissions in log4js
Impact: Default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable in unix. This could cause problems if log files contain sensitive information. This would affect any users that have not supplied their own permissions for the files via the mode...
2o3t-core (>=0.0.1 <=0.0.34), 2o3t-logger (>=0.0.1 <=0.3.9) +5913 more potentially affected by CVE-2022-21704 via log4js (>=0.2.4 <=6.3.0)
log4js NPM version =0.2.4, =0.0.1, =0.0.1, =0.0.1, =0.1.1, =0.0.3-1, =1.0.0, =1.6.1, =0.0.15, =8.25.29, =4.0.1, =0.5.0, =1.1.0, =2.0.0, =0.5.0-beta, =0.6.0-beta and more Source cves: CVE-2022-21704 Source advisory: OSV:GHSA-82V2-MX6X-WQ7Q...
Incorrect Default Permissions in log4js
Impact: Default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable in unix. This could cause problems if log files contain sensitive information. This would affect any users that have not supplied their own permissions for the files via the mode...
Information Disclosure
log4js is vulnerable to information disclosure. Log files with sensitive user details are exposed when users have not supplied their own permissions for those files via the mode parameter in the config, allowing attackers to gain access to the sensitive information from log files...
CVE-2022-21704
log4js-node is a port of log4js to node.js. In affected versions default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable in unix. This could cause problems if log files contain sensitive information. This would affect any users that have not...
AZL-45261 CVE-2022-21704 affecting package js-jquery 3.5.0-4
log4js-node is a port of log4js to node.js. In affected versions default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable in unix. This could cause problems if log files contain sensitive information. This would affect any users that have not...
DEBIAN-CVE-2022-21704
log4js-node is a port of log4js to node.js. In affected versions default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable in unix. This could cause problems if log files contain sensitive information. This would affect any users that have not...
CVE-2022-21704
log4js-node is a port of log4js to node.js. In affected versions default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable in unix. This could cause problems if log files contain sensitive information. This would affect any users that have not...