Spring Security Advisories
added 2023/02/03 12:00 a.m. · 34 views

The 2022 State of Spring Survey Report

Hi, Spring fans! You're awesome! I know you're awesome. You know you're awesome. And the Spring team works for you. We like working for you because you dream awesome dreams and build awesome things. And we can't work effectively with and for you if we don't know where everyone stands. Every year ...

AI score 7.1
Exploits 0
RedhatCVE
added 2023/02/02 6:14 p.m. · 32 views

CVE-2022-21191

A flaw was found in global-modules-path. This issue may allow command injection via getPath due to missing input sanitization or other checks and sandboxes being employed to the getPath function...

CVSS 9.8 · AI score 4.4 · EPSS 0.01477
Exploits 0 · References 3
Snyk
added 2023/01/29 3:29 p.m. · 1 view

Malicious Package

Overview @dbk-legacy/roster-modules-ebanking is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerab...

CVSS 9.8 · AI score 7.1
Exploits 0 · References 3
OSV
added 2023/01/25 9:38 a.m. · 3 views

USN-5825-1 pam vulnerability

It was discovered that PAM did not correctly restrict login from an IP address that is not resolvable via DNS. An attacker could possibly use this issue to bypass authentication...

CVSS 9.8 · AI score 7.3 · EPSS 0.01185
Exploits 0 · References 2
Positive Technologies
added 2023/01/18 12:00 a.m. · 6 views

PT-2023-14209 · Sewio · Sewio's Real-Time Location System (RTLS) Studio

Name of the Vulnerable Software and Affected Versions: Sewio’s Real-Time Location System RTLS Studio versions 2.0.0 through 2.6.2 Description: The issue is related to improper input validation of user input to the service start, service stop, and service restart modules of the software. This coul...

CVSS 6.5 · AI score 6.4 · EPSS 0.00587
Exploits 0 · References 3
Veracode
added 2023/01/17 3:28 a.m. · 17 views

Command Injection

global-modules-path is vulnerable to Command Injection. The vulnerability exists due to the insecure usage of execSync in index.js, allowing an attacker to inject and execute malicious commands such as getPath"something & touch abc", "somethingElse & touch def"...

CVSS 9.8 · AI score 9.1 · EPSS 0.01477
Exploits 0 · References 6 · Affected Software 1
Gitee
added 2023/01/15 1:57 p.m. · 12 views

Exploit for Out-of-bounds Write in Polkit_Project Polkit

PoC exploit for CVE-2021-4034, a privilege escalation vulnerability in the polkit package. The target product/service is polkit, a Linux system policy kit. The vulnerability class/vector is a privilege escalation vulnerability. The probable entry points are the gconv-modules file and the...

CVSS 7.8 · AI score 7.6 · EPSS 0.94921
Exploits 151
Github Security Blog
added 2023/01/13 6:30 a.m. · 22 views

global-modules-path Command Injection vulnerability

Versions of the package global-modules-path before 3.0.0 are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the getPath function...

CVSS 9.8 · AI score 4.4 · EPSS 0.01477
Exploits 0 · References 6 · Affected Software 1
OSV
added 2023/01/13 6:30 a.m. · 21 views

GHSA-VVJ3-85VF-FGMW global-modules-path Command Injection vulnerability

Versions of the package global-modules-path before 3.0.0 are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the getPath function...

CVSS 9.8 · AI score 8.8 · EPSS 0.01477
Exploits 0 · References 6
vulnersOsv
added 2023/01/13 6:30 a.m. · 5 views

@airy/maleo (>=0.0.1-canary.49 <=0.3.1-canary.36), @audentio/kinetic (>=0.1.0 <=0.1.12) +206 more potentially affected by CVE-2022-21191 via global-modules-path (>=1.0.0 <=2.3.1)

global-modules-path NPM version =1.0.0, =0.0.1-canary.49, =0.1.0, =6.4.0, =0.1.0, =8.0.0, =0.0.6, =0.1.0-latest.1a450bb3, =0.1.0, =1.0.0, =0.0.22-alpha.1, =0.1.0, =1.1.3, =0.9.0, =0.0.1, =0.0.2 and more Source cves: CVE-2022-21191 Source advisory: OSV:GHSA-VVJ3-85VF-FGMW...

CVSS 9.8 · AI score 7.2 · EPSS 0.01477
Exploits 0
Cvelist
added 2023/01/13 5:00 a.m. · 28 views

CVE-2022-21191

Versions of the package global-modules-path before 3.0.0 are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the getPath function...

CVSS 7.4 · AI score 10 · EPSS 0.01477
Exploits 0 · References 4
Vulnrichment
added 2023/01/13 5:00 a.m. · 4 views

CVE-2022-21191

Versions of the package global-modules-path before 3.0.0 are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the getPath function...

CVSS 7.4 · AI score 10 · EPSS 0.01477
Exploits 0 · References 4
CVE
added 2023/01/13 5:00 a.m. · 85 views

CVE-2022-21191

CVE-2022-21191 concerns the npm package global-modules-path. Versions prior to 3.0.0 are vulnerable to Command Injection via the internal getPath function caused by missing input sanitization and sandboxing. The result is a high-risk condition, with confirmed references across multiple sources...

CVSS 9.8 · AI score 9.6 · EPSS 0.01477
Exploits 0 · References 4 · Affected Software 1
Positive Technologies
added 2023/01/13 12:00 a.m. · 4 views

PT-2023-12664 · Unknown · Global-Modules-Path

Name of the Vulnerable Software and Affected Versions: global-modules-path versions prior to 3.0.0 Description: The issue is related to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the getPath function. This allows for potential exploitation...

CVSS 9.8 · AI score 7.5 · EPSS 0.01477
Exploits 0 · References 10
CNNVD
added 2023/01/13 12:00 a.m. · 3 views

global-modules-path security vulnerability

global-modules-path is a utility that returns the path of a global installation package. A security vulnerability exists in global-modules-path versions prior to 3.0.0, which stems from a lack of cleaning of user input or a failure to sandbox the getPath function...

CVSS 9.8 · AI score 8.3 · EPSS 0.01477
Exploits 0 · References 5
CISA
added 2023/01/12 12:00 a.m. · 10 views

Drupal Releases Security Update to Address Vulnerability in Private Taxonomy Terms

Drupal has released a security update to address a vulnerability affecting private vocabulary modules for Drupal 8.x. An unauthorized user could exploit this vulnerability to bypass access permissions to create, modify, and delete private vocabulary terms. CISA encourages users and administrators...

AI score 2.1
Exploits 0 · References 1
vulnersOsv
added 2023/01/10 9:50 p.m. · 4 views

46c-sector (>=1.0.0 <=1.2.1), @aatishgh/antora_site_generator_lunr_custom (>=0.4.0 <=0.4.3) +430 more potentially affected by CVE-2023-0163 via convict (>=0.0.6 <=6.2.3)

convict NPM version =0.0.6, =1.0.0, =0.4.0, =0.0.1, =0.0.2, =1.0.0, =1.0.0, =1.0.0, =2.2.0, =0.0.1, =1.0.0, =0.0.1, =2.1.0, =2.0.0, =3.0.2 and more Source cves: CVE-2023-0163 Source advisory: OSV:GHSA-4JRM-C32X-W4JF...

CVSS 8.4 · AI score 5.8 · EPSS 0.00275
Exploits 1
Prion
added 2023/01/09 9:15 a.m. · 28 views

Cross site scripting

A vulnerability was found in kaltura mwEmbed up to 2.91. It has been rated as problematic. Affected by this issue is some unknown functionality of the file modules/KalturaSupport/components/share/share.js of the component Share Plugin. The manipulation of the argument res leads to cross site...

CVSS 4 · AI score 4.6 · EPSS 0.00555
Exploits 0 · References 5 · Affected Software 1
Kitploit
added 2023/01/02 11:30 a.m. · 110 views

Subparse - Modular Malware Analysis Artifact Collection And Correlation Framework

Subparse is a modular framework developed by Josh Strochein, Aaron Baker, and Odin Bernstein. The framework is designed to parse and index malware files and present the information found during the parsing in a searchable web-viewer. The framework is modular, making use of a core parsing engine,...

AI score 7
Exploits 0 · References 8
vulnersOsv
added 2022/12/27 2:40 p.m. · 2 views

cloud.piranha.extension:piranha-extension-hazelcast (>=21.11.0 <=22.2.0), cn.vertxup:infix-mysql (=0.8.1) +120 more potentially affected by CVE-2022-36437 via com.hazelcast:hazelcast (>=5.0 <=5.0.3)

com.hazelcast:hazelcast MAVEN version =5.0, =21.11.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =0.8.1 and more Source cves: CVE-2022-36437 Source advisory: OSV:GHSA-C5HG-MR8R-F6JP...

CVSS 9.1 · AI score 7.2 · EPSS 0.01021
Exploits 0