136 matches found
Security Bulletin: Using untrusted strings with .replace on Babel-compiled regex named capturing groups can lead to performance degradation, which affects IBM watsonx.data
Summary Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and 8.0.0-alpha.17 to compile regular expression named capturing groups, Babel will generate a polyfill for the .replace method that has quadratic complexity on some specific...
SUSE SLES15 / openSUSE 15 Security Update : ghc-pandoc (SUSE-SU-2025:02037-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:02037-1 advisory. - CVE-2024-38526: Fixed Polyfill Supply Chain Attack bsc1227690. Tenable has extracted the preceding description block directly from the...
GHSA-H7CP-R72F-JXH6 pbkdf2 returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algos
Summary This affects both: 1. Unsupported algos e.g. sha3-256 / sha3-512 / sha512-256 2. Supported but non-normalized algos e.g. Sha256 / Sha512 / SHA1 / sha-1 / sha-256 / sha-512 All of those work correctly in Node.js, but this polyfill silently returns highly predictable ouput Under Node.js onl...
openSUSE Security Advisory (SUSE-SU-2025:02037-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2025:02037-1 Security update for ghc-pandoc
This update for ghc-pandoc fixes the following issues: - CVE-2024-38526: Fixed Polyfill Supply Chain Attack bsc1227690...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the addPortlet.polyfill.js process. An attacker can execute arbitrary HTML or JavaScript code in the context of a user's browser by editing preference menu heading messages that are rendered without proper...
Malicious code in media-recorder-polyfill (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4a0ea0109d577f9df113fa325e2972e99d701b2a51a9453305c09381bd93d902 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4850 Malicious code in media-recorder-polyfill (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4a0ea0109d577f9df113fa325e2972e99d701b2a51a9453305c09381bd93d902 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3992 Malicious code in feast-polyfill (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f88382c749d318e08be547eac655736cdeb1c86d92ae6ab6dd46e489e668c86f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in feast-polyfill (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f88382c749d318e08be547eac655736cdeb1c86d92ae6ab6dd46e489e668c86f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3126 Malicious code in whatwg-node-fetch-polyfill (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a1f59eebf54f348e9ae3e94af39368c59899516438f8b029e4db2d91f075ac95 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-27789
Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and 8.0.0-alpha.17 to compile regular expression named capturing groups, Babel will generate a polyfill for the .replace method that has quadratic complexity on some specific replacement...
UBUNTU-CVE-2025-27789
Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and 8.0.0-alpha.17 to compile regular expression named capturing groups, Babel will generate a polyfill for the .replace method that has quadratic complexity on some specific replacement...
CVE-2025-27789 Inefficient RexExp complexity in generated code with .replace when transpiling named capturing groups
Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and 8.0.0-alpha.17 to compile regular expression named capturing groups, Babel will generate a polyfill for the .replace method that has quadratic complexity on some specific replacement...
CVE-2025-27789 Inefficient RexExp complexity in generated code with .replace when transpiling named capturing groups
Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and 8.0.0-alpha.17 to compile regular expression named capturing groups, Babel will generate a polyfill for the .replace method that has quadratic complexity on some specific replacement...
Malicious code in nodes-polyfill-webpack-plugin (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-11408 Malicious code in nodes-polyfill-webpack-plugin (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in node-polyfill-webpack-plugins (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-11407 Malicious code in node-polyfill-webpack-plugins (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in bsc-stdlib-polyfill (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis df99335a79394c76ec65c4c11bd937510961ba93b67e631d560753ab61a735b6 The OpenSSF Package Analysis project identified 'bsc-stdlib-polyfill' @ 0.0.1 npm as malicious. It is considered malicious because: - The packag...