Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3 matches found

Hacker One
Hacker Oneadded 2021/10/19 6:21 p.m.217 views

SHEIN: RCE via npm misconfig -- installing internal libraries from the public registry

The following node package has been installed on at least one shein owned build/development server directly from the public npm registry. https://www.npmjs.com/package/shineout-mobile This package should normally be downloaded from the internal shein registry, but a misconfiguration appears to ha...

7.6AI score
Exploits0
Hacker One
Hacker Oneadded 2020/10/13 3:27 p.m.198 views

Uber: RCE via npm misconfig -- installing internal libraries from the public registry

The hacker spotted some orphaned references to Uber-branded Node.js library packages and claimed them on the public NPM registry to run their own proof-of-concept code. Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies...

2.4AI score
Exploits0
Hacker One
Hacker Oneadded 2020/07/16 6:14 p.m.91 views

PayPal: RCE via npm misconfig -- installing internal libraries from the public registry

A Bug Bounty researcher identified an issue where certain development projects defaulted to the public NPM registry, instead of using the intended internal packages. Since the packages on the public registry did not exist, the researcher created these and observed they were downloaded. Had these...

0.9AI score
Exploits0
Rows per page
Query Builder