3 matches found
Insufficient Verification of Data Authenticity
Overview org.webjars.npm:sm-crypto is a sm-crypto Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the SM2 decryption logic. An attacker can recover sensitive private key material by repeatedly interacting with the decryption interface...
Expired Pointer Dereference
Overview Affected versions of this package are vulnerable to Expired Pointer Dereference in the parsing process of xsl nodes. An attacker can cause the application to crash by triggering the dereference of expired pointers after memory has been freed. Remediation A fix was pushed into the master...
Use After Free
Overview org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Use After Free through the V8 engine. An attacker can potentially exploit heap corruption by crafting a...