3 matches found
GHSA-HGP8-W8FJ-R4CM ToolJet is vulnerable to Denial of Service (DoS)
ToolJet/ToolJet placed no limit on the file size for user avatars. This could cause a denial of service if too many users upload large files. This is fixed in commit 01cd3f0464747973ec329e9fb1ea12743d3235cc in version 1.27.0. tooljet is no longer listed on npmjs.com but was listed on npmjs.com in...
Mail.ru: [app-01.youdrive.club] RCE in CI/CD via dependency confusion
Dependency confusion allowed remote code execution in the youdrive CI/CD pipeline, as was demonstrated by a researcher via creation of a public npmjs.com package matching an internal dependency. I've extracted and saved the content of package.json file for further research while investigating the previous...
CVE-2019-17636
In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre-packaged Theia extensions is "Mini-Browser", published as "@theia/mini-browser" on npmjs.com. This extension, for its own needs, exposes an HTTP endpoint that allows reading the content of files on the host's filesystem, given...