Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2021/08/26 5:0 p.m.41 views

CVE-2021-23406

A flaw was found in nodejs-pac-resolver. A remote code execution can occur with untrusted input, due to unsafe PAC file handling. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

9.8CVSS3.1AI score0.02863EPSS
Exploits1References6
Veracode
Veracode
added 2021/08/25 6:15 a.m.17 views

Remote Code Execution

degenerator is vulnerable to remote code execution. The vulnerability exists due to unsafe PAC file handling...

9.8CVSS2.6AI score0.02863EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2021/08/24 8:15 a.m.16 views

Input validation

This affects the package pac-resolver before 5.0.0. This can occur when used with untrusted input, due to unsafe PAC file handling. NOTE: The fix for this vulnerability is applied in the node-degenerator library, a dependency written by the same maintainer...

7.5CVSS9.4AI score0.02863EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2021/08/24 7:45 a.m.27 views

CVE-2021-23406 Remote Code Execution (RCE)

This affects the package pac-resolver before 5.0.0. This can occur when used with untrusted input, due to unsafe PAC file handling. NOTE: The fix for this vulnerability is applied in the node-degenerator library, a dependency written by the same maintainer...

8.1CVSS9.7AI score0.02863EPSS
Exploits1References5
OSV
OSV
added 2017/03/23 7:19 a.m.9 views

MGASA-2017-0079 Updated kdelibs4 packages fix security vulnerability

Using a malicious PAC file, and then using exfiltration methods in the PAC function FindProxyForURL enables the attacker to expose full https URLs. This is a security issue since https URLs may contain sensitive information in the URL authentication part user:password@host, and in the path and th...

5.5CVSS5.6AI score0.00828EPSS
Exploits0References3
Rows per page
Query Builder