CVE-2024-34712

Oceanic is a NodeJS library for interfacing with Discord. Prior to version 1.10.4, input to functions such as Client.rest.channels.removeBan is not url-encoded, resulting in specially crafted input such as ../../../channels/id being normalized into the url /api/v10/channels/id, and deleting a...

git-interface 操作系统命令注入漏洞

git-interface is an interface for using git repositories in node.js by the Russian individual developer Yarkeev Denis. A security vulnerability exists in yarkeev git-interface versions prior to 2.1.1, which stems from a lack of filtering of the git clone and git --upload-pack command line...