15 matches found
EUVD-2025-29413
Malicious code in bioql PyPI...
Mithril snapshots for Cardano database could be compromised by an adversary
Impact Mithril certification of Cardano database The Mithril network provides certification for snapshots of the Cardano database, enabling users to quickly bootstrap a Cardano node without relying on the slower peer-to-peer synchronization process. To generate a multi-signature, a minimum...
GHSA-QV97-5QR8-2266 Mithril snapshots for Cardano database could be compromised by an adversary
Impact Mithril certification of Cardano database The Mithril network provides certification for snapshots of the Cardano database, enabling users to quickly bootstrap a Cardano node without relying on the slower peer-to-peer synchronization process. To generate a multi-signature, a minimum...
PT-2025-20320 · Crates.Io · Mithril-Client
Impact Mithril certification of Cardano database The Mithril network provides certification for snapshots of the Cardano database, enabling users to quickly bootstrap a Cardano node without relying on the slower peer-to-peer synchronization process. To generate a multi-signature, a minimum...
Malicious code in oj-mithril-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware aa5fab859196881e392265ee85901316c60eebc3d334f9b4eae7c4bb039723f0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-651 Malicious code in oj-mithril-packages (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e5fee5d58e7e1464614f1aa017521ae6613da70897bbbc6ee11360593f419eca Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in oj-mithril-packages (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e5fee5d58e7e1464614f1aa017521ae6613da70897bbbc6ee11360593f419eca Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-652 Malicious code in oj-mithril-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware aa5fab859196881e392265ee85901316c60eebc3d334f9b4eae7c4bb039723f0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-H3GG-7WX2-CQ3H XSS in Flarum Sticky extension
Impact A change in release beta 14 of the Sticky extension caused the plain text content of the first post of a pinned discussion to be injected as HTML on the discussion list. The issue was discovered following an internal audit. Any HTML would be injected through Mithril's m.trust helper. This...
XSS in Flarum Sticky extension
Impact A change in release beta 14 of the Sticky extension caused the plain text content of the first post of a pinned discussion to be injected as HTML on the discussion list. The issue was discovered following an internal audit. Any HTML would be injected through Mithril's m.trust helper. This...
Prototype Pollution in mithril
Affected versions of mithril are vulnerable to prototype pollution. The function parseQueryString may allow a malicious user to modify the prototype of Object, causing the addition or modification of an existing property that will exist on all objects. A payload such as proto%5BtoString%5D=123 in...
@mlshv/modern-koa-docs (=3.0.2), app-state-inspector (>=0.1.0 <=0.1.2) +106 more potentially affected by unknown CVE via mithril (>=0.1.24 <=1.1.6)
mithril NPM version =0.1.24, =0.1.0, =0.0.4, =1.0.4-alpha.0, =1.0.4-alpha.0, =1.0.4-alpha.0, =1.0.4-alpha.0, =1.0.4-alpha.1, =1.0.4-alpha.0, =1.0.51, =1.0.0, =0.1.1, =0.6.0, =1.0.0-alpha.2, =1.0.0-alpha.2, =1.0.0-alpha.5 and more Source cves: unknown CVE Source advisory: OSV:GHSA-C3PX-V9C7-M734...
GHSA-C3PX-V9C7-M734 Prototype Pollution in mithril
Affected versions of mithril are vulnerable to prototype pollution. The function parseQueryString may allow a malicious user to modify the prototype of Object, causing the addition or modification of an existing property that will exist on all objects. A payload such as proto%5BtoString%5D=123 in...
Prototype Pollution
Overview Affected versions of mithril are vulnerable to prototype pollution. The function parseQueryString may allow a malicious user to modify the prototype of Object, causing the addition or modification of an existing property that will exist on all objects. A payload such as...
Prototype Pollution
Overview org.webjars:mithril is a modern client-side JavaScript framework for building Single Page Applications and provides routing and XHR utilities out of the box. Affected versions of this package are vulnerable to Prototype Pollution. parseQueryString may allow a malicious user to modify the...