7911 matches found
Node.js third-party modules: url-parse package return wrong hostname
Jul 19th 2018 - lolwaleet submitted a report to Node.js third-party modules. I would like to report url-parse package return wrong hostname in url-parse. Module module name: url-parse version: 1.4.1 npm page: https://www.npmjs.com/package/url-parse Module Description The url-parse method exposes...
AWS Key Disabler - A Small Lambda Script That Will Disable Access Keys Older Than A Given Amount Of Days
The AWS Key disabler is a Lambda Function that disables AWS IAM User Access Keys after a set amount of time in order to reduce the risk associated with old access keys. AWS Lambda Architecture SysOps Output for EndUser Developer Toolchain Current Limitations A report containing the output json of...
Node.js third-party modules: [ponse] Path traversal in ponse module allows to read any file on server
I would like to report path traversal in ponse. It allows reading local files on the target server. Module module name: ponse version: 2.0.1 npm page: https://www.npmjs.com/package/ponse Module Description Module for work with requests and responses Module Stats 317 downloads in the last week 163...
Memoro - A Detailed Heap Profiler
Memoro is a highly detailed heap profiler. Memoro not only shows you where and when your program makes heap allocations, but will show you how your program actually used that memory. Memoro collects detailed information on accesses to the heap, including reads and writes to memory and when they...
Node.js third-party modules: Prototype pollution attack (merge.recursive)
I would like to report prototype pollution in merge. It allows an attacker to inject properties on Object.prototype. Module module name: merge version: 1.2.0 npm page: https://www.npmjs.com/package/merge Module Description Merge multiple objects into one, optionally creating a new cloned object...
Node.js third-party modules: Prototype pollution attack (extend)
I would like to report prototype pollution in extend. It allows an attacker to inject properties on Object.prototype. Module module name: extend version: 3.0.1 npm page: https://www.npmjs.com/package/extend Module Description node-extend is a port of the classic extend method from jQuery. It behav...
pdf-image command injection vulnerability
pdf-image is a package that can use ImageMagick to convert PDF files to png files in Node.js. A command injection vulnerability exists in pdf-image version 2.0.0. An attacker can exploit this vulnerability to execute commands...
Node.js third-party modules: Prototype pollution attack (defaults-deep / constructor.prototype)
I would like to report a prototype pollution vulnerability in defaults-deep. It allows an attacker to inject properties on Object.prototype. Module module name: defaults-deep version: 0.2.4 npm page: https://www.npmjs.com/package/defaults-deep Module Description Like extend but recursively copies...
Node.js third-party modules: Prototype pollution attack (lodash / constructor.prototype)
I would like to report a prototype pollution vulnerability in lodash. It allows an attacker to inject properties on Object.prototype. Module module name: lodash version: 4.17.10 npm page: https://www.npmjs.com/package/lodash Module Description The Lodash library exported as Node.js modules. Modul...
CVE-2018-13797
The macaddress module before 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec rather than execFile call...
Command injection
The macaddress module before 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec rather than execFile call...
CVE-2018-13797
CVE-2018-13797 (nodejs-macaddress) affects the macaddress module for Node.js prior to 0.2.9. The root cause is unsanitized input passed to an exec call (not execFile), enabling arbitrary command injection. This could lead to remote command execution, impacting confidentiality, integrity, and avai...
Node.js Denial-of-Service Vulnerability - 05 - Mac OS X
Node.js is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js";...
Node.js Denial-of-Service Vulnerability - 01 - Mac OS X
Node.js is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js";...
Node.js DNS Rebinding Vulnerability - Mac OS X
Node.js is prone to a DNS rebinding vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js"; ifdescription...
Node.js Denial-of-Service Vulnerability - 03 - Mac OS X
Node.js is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js";...