60 matches found
Hardcoded credentials
A Regular Expression Denial of Service ReDoS flaw was found in kangax html-minifier 4.0.0 via the candidate variable in htmlminifier.js...
CVE-2022-37620
A Regular Expression Denial of Service ReDoS flaw was found in kangax html-minifier 4.0.0 because of the reCustomIgnore regular expression...
CVE-2022-37620
A Regular Expression Denial of Service ReDoS flaw was found in kangax html-minifier 4.0.0 because of the reCustomIgnore regular expression...
PT-2022-24031
Name of the Vulnerable Software and Affected Versions kangax html-minifier version 4.0.0 Description A Regular Expression Denial of Service ReDoS flaw was found in the candidate variable in htmlminifier.js. This issue can cause a denial of service. Recommendations For kangax html-minifier version...
CVE-2022-37620
CVE-2022-37620: ReDoS in kangax/html-minifier 4.0.0 due to reCustomIgnore regex. CVSS v3.1 base score 7.5 (HIGH); attack vector NETWORK, complexity LOW, no privileges required, no user interaction; impact: Availability loss. Remediation: upgrade/downgrade to a non-vulnerable/html-minifier version...
CVE-2022-31132
Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions shipped with a CSS minifier on the path ./vendor/cerdic/css-tidy/cssoptimiser.php. Access to the minifier is unrestricted and access may lead to Server-Side Request Forgery SSRF. It is recommendet t...
Server side request forgery (ssrf)
Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions shipped with a CSS minifier on the path ./vendor/cerdic/css-tidy/cssoptimiser.php. Access to the minifier is unrestricted and access may lead to Server-Side Request Forgery SSRF. It is recommendet t...
CVE-2022-31132 Unauthenticated SSRF in 3rd party module "cerdic/csstidy"
Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions shipped with a CSS minifier on the path ./vendor/cerdic/css-tidy/cssoptimiser.php. Access to the minifier is unrestricted and access may lead to Server-Side Request Forgery SSRF. It is recommendet t...
CVE-2022-31132 Unauthenticated SSRF in 3rd party module "cerdic/csstidy"
Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions shipped with a CSS minifier on the path ./vendor/cerdic/css-tidy/cssoptimiser.php. Access to the minifier is unrestricted and access may lead to Server-Side Request Forgery SSRF. It is recommendet t...
CVE-2022-31132
The CVE-2022-31132 issue affects Nextcloud Mail where versions shipped with the CSS minifier at ./vendor/cerdic/css-tidy/css_optimiser.php expose an unrestricted interface, enabling unauthenticated SSRF. Affected software is Nextcloud Mail; impact is described as Server-Side Request Forgery with ...
CVE-2022-31132 Unauthenticated SSRF in 3rd party module "cerdic/csstidy"
Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions shipped with a CSS minifier on the path ./vendor/cerdic/css-tidy/cssoptimiser.php. Access to the minifier is unrestricted and access may lead to Server-Side Request Forgery SSRF. It is recommendet t...
Nextcloud 代码问题漏洞
Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A code issue vulnerability exists in Nextcloud Mail that stems from unrestricted access to minifier. An attacker could exploit this vulnerability to perfor...
PT-2022-20552 · Nextcloud · Nextcloud Mail
Name of the Vulnerable Software and Affected Versions: Nextcloud Mail versions prior to 1.12.7 Nextcloud Mail versions prior to 1.13.6 Description: Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions shipped with a CSS minifier on the path...
Malicious Package
Overview codemirror-dart-minifier is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...
[SECURITY] Fedora 36 Update: golang-github-tdewolff-minify-2.11.10-4.fc36
Minify is a minifier package written in Go. It provides HTML5, CSS3, JS, JSON, SVG and XML minifiers and an interface to implement any other minifier. Minification is the process of removing bytes from a file such as whitespace without changing its output and therefore shrinking its size and...
Fedora: Security Advisory for golang-github-evanw-esbuild (FEDORA-2022-3969b64d4b)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
VBSmin - VBScript Minifier
VBScript minifier Features Remove extra whitespace Trailing whitespace Leading whitespace Blank lines Inline extra spaces Remove comments Single quote start of the line Single quote inline REM One-line Line splitting underscore Colon Quick start Quick install $ gem install vbsmin See more install...
Cloudflare: // (double slash) inside es6 template literals interpreted as an inline comment by the auto-minifier
The following is valid javascript: var a = //; So is this: var url = https://hackerone.com; However, Cloudflare's auto-minifier removes the parts of both lines including and after the //, meaning in production, they look like this: var a = var url = https: This can either straight up break or...
CVE-2016-6517
Directory traversal vulnerability in Liferay 5.1.0 allows remote attackers to have unspecified impact via a %2E%2E encoded dot dot in the minifierBundleDir parameter to barebone.jsp...
Cross-site scripting vulnerability in wordpress plugin theme-minifier
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. The wordpress plugin theme-minifier suffers from a cross-site scripting vulnerability due to improper filtering of user input...