MAL-2022-4881 Malicious code in node-config-provider (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6245de88dda255b54977801c4cb54ca206cf3e832670277220fba95bf3707455 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in node-config-provider (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6245de88dda255b54977801c4cb54ca206cf3e832670277220fba95bf3707455 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

jenkins: lack of type validation in agent related REST API

A flaw was found in Jenkins. Due to lack of validation of type of object created after loading the data submitted to the config.xml REST API endpoint of a node, an attackers with Computer/Configure permission are able to replace a node with one of a different type...

Improper Control of Dynamically-Managed Code Resources in config-shield

scripts/cli.js in the GoDaddy node-config-shield aka Config Shield package before 0.2.2 for Node.js calls eval when processing a set command. NOTE: the vendor reportedly states that this is not a vulnerability. The set command was not intended for use with untrusted data...

CVE-2021-26276

scripts/cli.js in the GoDaddy node-config-shield aka Config Shield package before 0.2.2 for Node.js calls eval when processing a set command. NOTE: the vendor reportedly states that this is not a vulnerability. The set command was not intended for use with untrusted data...

CVE-2021-26276

scripts/cli.js in the GoDaddy node-config-shield aka Config Shield package before 0.2.2 for Node.js calls eval when processing a set command. NOTE: the vendor reportedly states that this is not a vulnerability. The set command was not intended for use with untrusted data...

CVE-2021-26276

scripts/cli.js in the GoDaddy node-config-shield aka Config Shield package before 0.2.2 for Node.js calls eval when processing a set command. NOTE: the vendor reportedly states that this is not a vulnerability. The set command was not intended for use with untrusted data...

CVE-2021-26276

CVE-2021-26276 affects node-config-shield (GoDaddy) up to version 0.2.2. The scripts/cli.js file calls eval when processing a set command, creating a potential risk if the set command is applied to untrusted data. The vendor states this is not a vulnerability; the set command was not intended for...

CVE-2021-26276

scripts/cli.js in the GoDaddy node-config-shield aka Config Shield package before 0.2.2 for Node.js calls eval when processing a set command. NOTE: the vendor reportedly states that this is not a vulnerability. The set command was not intended for use with untrusted data...

GoDaddy Node-config-shield Security Vulnerability

GoDaddy Node-config-shield is a Javascript-based codebase for checking sensitive information in projects by GoDaddy, Inc. A security vulnerability exists in GoDaddy node-config-shield that stems from a call to eval while processing the set command...

PT-2021-16986 · Npm · Node-Config-Shield

Name of the Vulnerable Software and Affected Versions: node-config-shield versions prior to 0.2.2 Description: The issue concerns the node-config-shield package, where the scripts/cli.js file calls eval when processing a set command. This could potentially lead to issues if the set command is use...