276 matches found
@activeledger/activecore (>=2.0.0-rc5 <=2.0.0-rc.8.0.6), @aktr/node-module-a (=1.0.1) +196 more potentially affected by CVE-2019-17495 via swagger-ui (>=2.0.17 <=3.20.7)
swagger-ui NPM version =2.0.17, =2.0.0-rc5, =1.4.0, =0.0.4, =1.0.2, =7.0.0, =1.3.0, =3.0.0-alpha.0, =0.7.2, =3.0.1, =2.0.0, =0.0.1, =0.2.1 and more
Source CVEs: CVE-2019-17495
Source advisory: OSV:GHSA-C427-HJC3-WRFW...
GHSA-87G3-X896-W798 Downloads Resources over HTTP in atom-node-module-installer
Affected versions of atom-node-module-installer insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...
Downloads Resources over HTTP in atom-node-module-installer
Affected versions of atom-node-module-installer insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...
mcstatic directory traversal vulnerability
A server directory traversal vulnerability was found on node module mcstatic =0.0.20 that would allow an attacker to access sensitive information in the file system by appending slashes in the URL path...
CVE-2018-16482
A server directory traversal vulnerability was found on node module mcstatic =0.0.20 that would allow an attacker to access sensitive information in the file system by appending slashes in the URL path...
CVE-2018-16482
mcstatic (Node.js module)
Prototype Pollution in async merge-object
The utilities function in all versions of the merge-object node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects...
GHSA-RCH9-XH7R-MQGW Cross-Site Scripting in connect
The connect node module before 2.14.0 suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in directory.js middleware...
CVE-2018-3747
The public node module versions = 1.0.3 allow embedding HTML in file names, which under certain conditions might lead to execution of malicious JavaScript...
CVE-2018-3748
There is a Stored XSS vulnerability in the glance node module versions element allows execution of JavaScript code against any user who opens a directory listing containing such a crafted file name...
DEBIAN-CVE-2018-3750
The utilities function in all versions = 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all object...
CVE-2018-3751
The utilities function in all versions = 0.3.0 of the merge-recursive node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all...
CVE-2018-3750
The utilities function in all versions = 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all object...
Code injection
The utilities function in all versions 1.0.1 of the deap node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects...
Code injection
The utilities function in all versions = 0.3.0 of the merge-recursive node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all...
CVE-2018-3752
The utilities function in all versions = 1.0.0 of the merge-options node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all...
CVE-2018-3753
The utilities function in all versions = 1.0.0 of the merge-objects node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all...