6715 matches found
Path traversal
Overview: url-parse before 1.5.0 mishandles certain uses of backslash such as http:/ and interprets the URI as a relative path. Recommendation: Upgrade to version 1.5.0 or later. References: CVE, GitHub Advisory...
Withdrawn: Arbitrary Code Execution in static-eval
All versions of package static-eval are vulnerable to Arbitrary Code Execution using FunctionExpressions and TemplateLiterals. PoC: var evaluate = require('static-eval'); var parse = require('esprima').parse; var src="function x return...
0x-relayer-cat (>=0.0.3 <=0.0.10), @0x-klaytn/asset-swapper (>=4.2.1 <=4.2.2) +4507 more potentially affected by CVE-2021-27515 via url-parse (>=0.1.5 <=1.4.7)
url-parse NPM version =0.1.5, =0.0.3, =4.2.1, =2.1.0-beta.4, =5.0.0-beta, =0.1.0-beta.2, =0.0.1, =0.0.31, =0.0.1, =1.0.2, =0.1.0, =0.1.0, =1.6.1, =0.2.0, =1.0.3, =2.1.1 and more Source cves: CVE-2021-27515 Source advisory: OSV:GHSA-9M6J-FCG5-2442...
Path traversal in url-parse
url-parse before 1.5.0 mishandles certain uses of backslash such as http:/ and interprets the URI as a relative path...
GHSA-9M6J-FCG5-2442 Path traversal in url-parse
url-parse before 1.5.0 mishandles certain uses of backslash such as http:/ and interprets the URI as a relative path...
CVE-2021-26543
The "gitDiff" function in Wayfair git-parse =1.0.4 has a command injection vulnerability. Clients of the git-parse library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. The issue has been resolved in version 1.0.5...
CVE-2021-26543
The "gitDiff" function in Wayfair git-parse =1.0.4 has a command injection vulnerability. Clients of the git-parse library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. The issue has been resolved in version 1.0.5...
DEBIAN-CVE-2020-28016
Exim 4 before 4.94.2 allows an off-by-two Out-of-bounds Write because "-F ''" is mishandled by parsefixphrase...
Command injection
The "gitDiff" function in Wayfair git-parse =1.0.4 has a command injection vulnerability. Clients of the git-parse library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. The issue has been resolved in version 1.0.5...
CVE-2021-26543
The "gitDiff" function in Wayfair git-parse =1.0.4 has a command injection vulnerability. Clients of the git-parse library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. The issue has been resolved in version 1.0.5...
CVE-2021-26543
The CVE-2021-26543 issue affects the Wayfair git-parse library, specifically the gitDiff function in versions
CVE-2020-28016
Exim 4 before 4.94.2 allows an off-by-two Out-of-bounds Write because "-F ''" is mishandled by parsefixphrase...
CVE-2020-28016
Exim 4 before 4.94.2 allows an off-by-two Out-of-bounds Write because "-F ''" is mishandled by parsefixphrase...
npm git-parse operating system command injection vulnerability
npm git-parse is an application from the American company npm. It is a utility program that generates a set of javascript objects that represent the current branch of the commit history of a local git repository. An operating system command injection vulnerability exists in the "gitDiff" function...
Regular Expression Denial Of Service (ReDoS)
path-parse is vulnerable to regular expression denial of service. An attacker is able to produce a denial of service condition in the application through worst-case time complexity via splitDeviceRe, splitTailRe and splitPathRe...
CVE-2021-23343
A flaw was found in nodejs-path-parse. All versions of package path-parse are vulnerable to Regular Expression Denial of Service ReDoS via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity...
CVE-2021-23343
All versions of package path-parse are vulnerable to Regular Expression Denial of Service ReDoS via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity...
CVE-2021-23343
CVE-2021-23343 affects the path-parse package. The vulnerability is a Regular Expression Denial of Service (ReDoS) via the regexes splitDeviceRe, splitTailRe, and splitPathRe. The ReDoS has polynomial worst-case time complexity. Connected telemetry from MiracleLinux AXSA advisories lists path-par...
CVE-2021-23343
All versions of package path-parse are vulnerable to Regular Expression Denial of Service ReDoS via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity...
Exim buffer error vulnerability
Exim was developed at Cambridge University as a Message Transfer Agent MTA for Unix systems connected to the Internet. Exim suffers from a buffer overflow vulnerability. The vulnerability stems from a "-F" handling error in parsefixphrase. No details of the vulnerability are available at this tim...