PT-2023-36301 · Unknown · Distribution
Name of the Vulnerable Software and Affected Versions: distribution versions prior to 2.8.3
Description: The issue is related to several problems in the distribution package, including the parsing of errors as JSON, the handling of HTTP request bodies, and the deprecation of certain functions and...
GHSA-F7QW-5PVG-MMWP Prototype Pollution in lutils-merge
All versions of lutils-merge are vulnerable to Prototype Pollution. The merge function fails to prevent user input from altering an Object's prototype, allowing attackers to modify or override properties of all objects in the application. This may lead to Denial of Service or may be chained with other...
GHSA-4Q79-FCH7-G78Q Downloads Resources over HTTP in grunt-webdriver-qunit
Affected versions of grunt-webdriver-qunit insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution...
Downloads Resources over HTTP
Overview: Affected versions of grunt-webdriver-qunit insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...