CVE-2022-24434

This affects all versions of package dicer. A malicious attacker can send a modified form to server, and crash the nodejs service. An attacker could sent the payload again and again so that the service continuously crashes...

CVE-2022-24434 Denial of Service (DoS)

This affects all versions of package dicer. A malicious attacker can send a modified form to server, and crash the nodejs service. An attacker could sent the payload again and again so that the service continuously crashes...

CVE-2022-24434

This affects all versions of package dicer. A malicious attacker can send a modified form to server, and crash the nodejs service. An attacker could sent the payload again and again so that the service continuously crashes...

CVE-2022-25224

Proton v0.2.0 allows an attacker to create a malicious link inside a markdown file. When the victim clicks the link, the application opens the site in the current frame allowing an attacker to host JavaScript code in the malicious link in order to trigger an XSS attack. The 'nodeIntegration'...

CVE-2022-25224

Proton v0.2.0 allows an attacker to create a malicious link inside a markdown file. When the victim clicks the link, the application opens the site in the current frame allowing an attacker to host JavaScript code in the malicious link in order to trigger an XSS attack. The 'nodeIntegration'...

Design/Logic Flaw

Proton v0.2.0 allows an attacker to create a malicious link inside a markdown file. When the victim clicks the link, the application opens the site in the current frame allowing an attacker to host JavaScript code in the malicious link in order to trigger an XSS attack. The 'nodeIntegration'...

CVE-2022-25229

Popcorn Time 0.4.7 has a Stored XSS in the 'Movies API Servers' field via the 'settings' page. The 'nodeIntegration' configuration is set to on which allows the 'webpage' to use 'NodeJs' features, an attacker can leverage this to run OS commands...

CVE-2022-25229

Popcorn Time 0.4.7 has a Stored XSS in the 'Movies API Servers' field via the 'settings' page. The 'nodeIntegration' configuration is set to on which allows the 'webpage' to use 'NodeJs' features, an attacker can leverage this to run OS commands...

Cross site scripting

Popcorn Time 0.4.7 has a Stored XSS in the 'Movies API Servers' field via the 'settings' page. The 'nodeIntegration' configuration is set to on which allows the 'webpage' to use 'NodeJs' features, an attacker can leverage this to run OS commands...

CVE-2022-25224

Proton v0.2.0 allows an attacker to create a malicious link inside a markdown file. When the victim clicks the link, the application opens the site in the current frame allowing an attacker to host JavaScript code in the malicious link in order to trigger an XSS attack. The 'nodeIntegration'...

CVE-2022-25229

Popcorn Time 0.4.7 has a Stored XSS in the 'Movies API Servers' field via the 'settings' page. The 'nodeIntegration' configuration is set to on which allows the 'webpage' to use 'NodeJs' features, an attacker can leverage this to run OS commands...

CVE-2022-25229

CVE-2022-25229 affects Popcorn Time 0.4.7. A Stored XSS vulnerability originates in the Settings page, in the Movies API Server(s) field, where lack of input validation allows injection of script. The issue is aggravated by nodeIntegration being turned on, which can permit the webpage to access N...

SUSE-SU-2022:1694-1 Security update for nodejs8

This update for nodejs8 fixes the following issues: - CVE-2021-44906: Fixed prototype pollution in npm dependency bsc1198247. - CVE-2021-44907: Fixed insuficient sanitation in npm dependency bsc1197283. - CVE-2022-0235: Fixed passing of cookie data and sensitive headers to different hostnames in...

OESA-2022-1638 nodejs-grunt security update

Grunt is the JavaScript task runner. Why use a task runner? In one word: automation. The less work you have to do when performing repetitive tasks like minification, compilation, unit testing, linting, etc, the easier your job becomes. After you've configured it, a task runner can do most of that...

CVE-2022-25324

CVE-2022-25324 affects the npm package bignum. The DoS arises from a type-check exception in V8 when verifying the second argument to the powm function, causing crashes that bypass Node try/catch blocks. Affected versions are not fixed by any known version; remediation is not available. Related a...

Vulnerabilities fixed in node.js

Vulnerabilities have been fixed in node.js. The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Denial-of-Service DoS. Remote code execution User Rights Access to system data For the vulnerability with attribute CVE-2021-44906,...

SUSE-SU-2022:1462-1 Security update for nodejs14

This update for nodejs14 fixes the following issues: - CVE-2022-0778: Fixed a infinite loop in BNmodsqrt reachable when parsing certificates bsc1196877. - CVE-2021-44906: Fixed a prototype pollution in node-minimist bsc1198247. - CVE-2021-44907: Fixed a potential Denial of Service vulnerability i...

SUSE-SU-2022:1461-1 Security update for nodejs12

This update for nodejs12 fixes the following issues: - CVE-2022-0778: Fixed a infinite loop in BNmodsqrt reachable when parsing certificates bsc1196877. - CVE-2021-44906: Fixed a prototype pollution in node-minimist bsc1198247. - CVE-2021-44907: Fixed a potential Denial of Service vulnerability i...

SUSE-SU-2022:1459-1 Security update for nodejs14

This update for nodejs14 fixes the following issues: - CVE-2022-0778: Fixed a infinite loop in BNmodsqrt reachable when parsing certificates bsc1196877. - CVE-2021-44906: Fixed a prototype pollution in node-minimist bsc1198247. - CVE-2021-44907: Fixed a potential Denial of Service vulnerability i...

git-interface 操作系统命令注入漏洞

git-interface is an interface for using git repositories in node.js by the Russian individual developer Yarkeev Denis. A security vulnerability exists in yarkeev git-interface versions prior to 2.1.1, which stems from a lack of filtering of the git clone and git --upload-pack command line...