AZL-39734 CVE-2024-30260 affecting package nodejs for versions less than 20.14.0-1

Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for fetch, but did not clear them for undici.request. This vulnerability was patched in versions 5.28.4 and 6.11.1...

CVE-2016-4991

Input passed to the Pdf function is shell escaped and passed to childprocess.exec during PDF rendering. However, the shell escape does not properly encode all special characters, namely, semicolon and curly braces. This can be abused to achieve command execution. This problem affects nodepdf 1.3....

nodejs-ini: Prototype pollution via malicious INI file

A flaw was found in nodejs-ini. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context...

USN-4776-1 node-semver vulnerability

It was discovered that semver incorrectly handled certain inputs. A remote attacker could possibly use this issue to cause a denial of service...

@anandsuresh/smart-stream (>=1.0.1 <=1.1.0), @anandsuresh/smart_stream (=1.0.0) +10 more potentially affected by CVE-2021-21368 via msgpack5 (>=4.0.2 <=4.4.0)

msgpack5 NPM version =4.0.2, =1.0.1, =0.9.0, =0.9.0, =0.9.0, =0.9.0, =1.0.2, =1.2.9, =2.0.0, =0.5.6, =0.1.0, =0.1.3 Source cves: CVE-2021-21368 Source advisory: OSV:GHSA-GMJW-49P4-PCFM...