GHSA-26WG-9XF2-Q495 Novu has a XSS sanitization bypass
Summary: XSS sanitization is incomplete; some attributes are missing, such as oncontentvisibilityautostatechange=. This allows the email preview to render HTML that executes arbitrary JavaScript. Details: Sanitization is implemented here:...
GHSA-4X48-CGF9-Q33F Novu has SSRF via conditions filter webhook bypasses validateUrlSsrf() protection
Summary: The conditions filter webhook at libs/application-generic/src/usecases/conditions-filter/conditions-filter.usecase.ts line 261 sends POST requests to user-configured URLs using raw axios.post with no SSRF validation. The HTTP Request workflow step in the same codebase correctly uses...
@koloseum/utils (>=0.1.11 <=0.1.14), @quickguidehealth/connector-logto-novu (>=0.1.0 <=0.1.4) +1 more potentially affected by unknown CVE via @novu/api (>=0.6.2 <=3.11.0)
@novu/api NPM version =0.6.2, =0.1.11, =0.1.0, =0.1.4 - aleph-backend =1.0.0 Source cves: unknown CVE Source advisory: OSV:GHSA-4X48-CGF9-Q33F...
EUVD-2023-39932
Malicious code in bioql PyPI...
CVE-2023-35948
Novu provides an API for sending notifications through multiple channels. Versions prior to 0.16.0 contain an open redirect vulnerability in the "Sign In with GitHub" functionality of Novu's open-source repository. It could have allowed an attacker to force a victim into opening a malicious URL a...
Open redirect
CVE-2023-35948 Novu Open Redirect Vulnerability in Sign-In with GitHub Functionality
CVE-2023-35948
Novu Open Redirect vulnerability (CVE-2023-35948) affects the open-source Novu repository prior to 0.16.0 in the Sign In with GitHub flow. An open redirect could allow an attacker to coerce a victim into opening a malicious URL, potentially enabling the attacker to access the victim’s account on ...
Novu input validation error vulnerability
Novu is an open source notification infrastructure for developers. An input validation error vulnerability exists in Novu versions prior to 0.16.0 that stems from the presence of an open redirection issue...