276 matches found
CVE-2022-41957 muhammara vulnerable to Unchecked Return Value to NULL Pointer Dereference
Muhammara is a node module with c/cpp bindings to modify PDF with JavaScript for node or electron. The package muhammara before 2.6.2 and from 3.0.0 and before 3.3.0, as well as all versions of muhammara's predecessor package hummus, are vulnerable to Denial of Service (DoS) when supplied with a...
MuhammaraJS Security Vulnerability
MuhammaraJS is a node module with c/cpp bindings by the individual developer Julian Hille. A security vulnerability exists in MuhammaraJS versions prior to 2.6.2, 3.0.0 through 3.3.0. An attacker could exploit this vulnerability to perform a denial-of-service attack...
CVE-2022-41957
MuhammaraJS (node module with C/C++ bindings for modifying PDFs via JavaScript) is vulnerable to Denial of Service when parsing a malicious PDF. Affected versions are muhammara before 2.6.2 and 3.0.0 through 3.3.0, as well as all versions of hummus. The issue has been patched in muhammara 3.4.0 a...
MuhammaraJS Code Issue Vulnerability
MuhammaraJS is a node module with c/cpp bindings by the individual developer Julian Hille. A security vulnerability exists in MuhammaraJS versions prior to 2.6.0. An attacker exploited the vulnerability to cause a denial of service via a specially crafted PDF file...
CVE-2022-39381 Unchecked Return Value to NULL Pointer Dereference in PDFDocumentHandler.cpp
Muhammara is a node module with c/cpp bindings to modify PDF with js for node or electron based/replacement on/of galkhana/hummusjs. The package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be...
CVE-2022-39381
Summary (CVE-2022-39381) Muhammara (and hummus) are vulnerable to Denial of Service when processing a maliciously crafted PDF appended to another file. Affected: Muhammara versions before 2.6.0; all versions of hummus. Root cause: null dereference/related DoS path in PDF handling components (PDFD...
MuhammaraJS Security Vulnerability
MuhammaraJS is a node module with c/cpp bindings from the individual developer Julian Hille. A security vulnerability exists in MuhammaraJS versions prior to 2.6.0 and 3.1.0 through 3.1.1, which stems from a denial of service that can be caused by an attacker parsing its hummus package via a...
MAL-2022-4666 Malicious code in module-with-node-file (npm)
Source: ghsa-malware (43899bbadfa822b75785b94f54888eae361be60ed7fb7b372bedf319e5f34ff3). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Drupal Node Validation Bypass in the node module API
The node module API in Drupal 5.x before 5.11 allows remote attackers to bypass node validation and have unspecified other impact via unknown vectors related to contributed modules...
GHSA-PH2J-5HXQ-GXRR Drupal Node Validation Bypass in the node module API
The node module API in Drupal 5.x before 5.11 allows remote attackers to bypass node validation and have unspecified other impact via unknown vectors related to contributed modules...
GHSA-XG47-R67P-VHV5 Improper Input Validation in Deap
The utilities function in all versions 1.0.1 of the deap node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects...
Popular NPM Package Updated to Wipe Russia, Belarus Systems to Protest Ukraine Invasion
In what's an act of deliberate sabotage, the developer behind the popular "node-ipc" NPM package shipped a new tampered version to condemn Russia's invasion of Ukraine, raising concerns about security in open source and the software supply chain. Affecting versions 10.1.1 and 10.1.2 of the...
vercel/serve allows access to restricted files if filename is URL encoded.
serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded...
GHSA-7P7H-4MM5-852V Uncontrolled Resource Consumption in trim-newlines
@rkesters/gnuplot is an easy to use node module to draw charts using gnuplot and ps2pdf. The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end method...
CVE-2020-8298
The CVE-2020-8298 issue affects the fs-path Node.js module, specifically versions before 0.0.25. The underlying flaw is a command injection vulnerability triggered by user-supplied inputs through the copy, copySync, remove, and removeSync methods. Reported impact in sources corresponds to high/cr...
fs-path Command Injection Vulnerability
Mojin fs-path is an open source application by Mojin. It provides the ability to scan files recursively or through filters. A command injection vulnerability exists in the fs-path node module before 0.0.25, which stems from the vulnerability of the fs-path node module to a user's use of "copy",...
nodejs-deep-extend: Prototype pollution can allow attackers to modify object properties
The utilities function in all versions = 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all object...
@activeledger/activecore (>=2.0.0-rc5 <=2.0.0-rc.8.0.6), @aktr/node-module-a (=1.0.1) +196 more potentially affected by unknown CVE via swagger-ui (>=2.0.17 <=3.20.7)
swagger-ui NPM version =2.0.17, =2.0.0-rc5, =1.4.0, =0.0.4, =1.0.2, =7.0.0, =1.3.0, =3.0.0-alpha.0, =0.7.2, =3.0.1, =2.0.0, =0.0.1, =0.2.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-4F9M-PXWH-68HG...
Webform - Moderately critical - Access bypass - SA-CONTRIB-2020-017
This module enables you to build forms and surveys in Drupal. The Webform Node sub-module allows these forms to be associated with a Drupal node. The Webform Node module does not implement access checking in the same manner as other nodes and entities. As such, writers of custom modules which...
Codecov-node npm module command execution vulnerability
The codecov-node npm module is an application global coverage module. A security vulnerability exists in codecov-node npm module versions prior to 3.6.5. A remote attacker can exploit the vulnerability to execute arbitrary commands...