6944 matches found
CVE-2025-25975
A flaw was found in the parse-git-config package. Affected versions of this package allow an attacker to obtain sensitive information via the expandKeys function...
0xrtest (=1.0.0), 3gtel-frontend-platform (=1.0.0) +2918 more potentially affected by CVE-2025-25975 via parse-git-config (>=0.1.0 <=3.0.0)
parse-git-config NPM version =0.1.0, =1.0.2, =4.2.1, =0.0.1, =0.0.1, =11.0.1, =1.2.0, =0.1.0, =0.0.1, =0.2.1, =0.0.2, =0.0.4 and more Source cves: CVE-2025-25975 Source advisory: OSV:GHSA-8G77-54RH-46HX...
Prototype Pollution Vulnerability in parse-git-config
An issue in parse-git-config v.3.0.0 allows an attacker to obtain sensitive information via the expandKeys function...
GHSA-8G77-54RH-46HX Prototype Pollution Vulnerability in parse-git-config
An issue in parse-git-config v.3.0.0 allows an attacker to obtain sensitive information via the expandKeys function...
Prototype Pollution
Overview: org.webjars.npm:parse-git-config parses .git/config into a JavaScript object, sync or async. Affected versions of this package are vulnerable to Prototype Pollution via the expandKeys function. An attacker can obtain sensitive information by exploiting the improper handling of key...
CVE-2025-25975
An issue in parse-git-config v.3.0.0 allows an attacker to obtain sensitive information via the expandKeys function...
CVE-2025-25975
An issue in parse-git-config v.3.0.0 allows an attacker to obtain sensitive information via the expandKeys function...
parse-git-config security vulnerability
parse-git-config is a library from the individual developer Jon Schlinkert. A security vulnerability exists in parse-git-config version 3.0.0, which stems from the expandKeys function that could lead to the disclosure of sensitive information...
CVE-2025-25975
CVE-2025-25975 affects the JavaScript library parse-git-config v3.0.0. The issue is information disclosure caused by improper handling of key expansion in the expandKeys function, leading to potential leakage of sensitive data. Multiple sources (including Veracode and Red Hat advisories) describe...
CVE-2025-25975
An issue in parse-git-config v.3.0.0 allows an attacker to obtain sensitive information via the expandKeys function...
PT-2025-27690
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A bug in the Linux kernel has been resolved, specifically an out-of-bounds issue in the usbhid parse function. The struct hid descriptor has been updated to reflect the mandatory and...
Medium: php8.3
Issue Overview: The upstream advisory describes this issue as follows: A memory-related vulnerability in PHP's filter handling system, particularly when processing input with convert.quoted-printable-decode filters, leads to a segmentation fault. This vulnerability is triggered through specific...
Low: docker
Issue Overview: golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to a situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors...
Medium: ecs-init
Issue Overview: An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service. CVE-2024-45338 Affected Packages: ecs-init Note: This advisory is applicable to Amazon...
Amazon Linux 2 : ecs-init (ALASECS-2025-049)
The version of ecs-init installed on the remote host is prior to 1.89.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-049 advisory. An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resultin...
Linux Distros Unpatched Vulnerability : CVE-2020-8124
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation and sanitization of user input in url-parse npm package version 1.4.4 and earlier may allow an attacker to bypass security checks...
DEBIAN-CVE-2025-27219
In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when...
AZL-57828 CVE-2025-27219 affecting package ruby for versions less than 3.1.4-9
In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when...
UBUNTU-CVE-2025-27219
In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when...
Allocation of Resources Without Limits or Throttling
Overview: cgi provides support for the Common Gateway Interface protocol. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the Cookie.parse method. An attacker can cause nonlinear resource consumption by providing a malicious cookie. Remediati...