3 matches found
npm Devcert Denial of Service Vulnerability
Devcert is a package for SSL development from npm, Inc. A denial of service vulnerability exists in versions prior to Devcert 1.2.1, which stems from triggering an exponential ReDoS regular expression denial of service in the Devcert package. An attacker could exploit this vulnerability to cause ...
Npm ps-kill command injection vulnerability
Npm ps-kill is an application from Npm, Inc. Npm ps-kill is vulnerable to command injection, which can be exploited by attackers to execute arbitrary commands...
JVN#69812763: cordova-plugin-ionic-webview vulnerable to path traversal
cordova-plugin-ionic-webview provided by npm, Inc. contains a path traversal vulnerability CWE-22 . Impact A remote attacker may obtain an arbitrary file such as a file related to an application on iOS device. As a result, contents of the file may be disclosed. Solution Recreate iOS application...