15 matches found
Malicious Package
Overview grunt-qunit-tap is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2025-47991 Malicious code in grunt-qunit-tap (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b4c0ee680338b5f96b2a084cf0591caad929e414bd9f3f485d06718bc2b548f4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
EUVD-2025-32643
Malicious code in grunt-qunit-tap npm...
Malicious code in grunt-qunit-tap (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b4c0ee680338b5f96b2a084cf0591caad929e414bd9f3f485d06718bc2b548f4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-2722 Malicious code in ember-qunit-notifications (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware dc47451079e1f47069d95c3970f9db3b1ca0cf6746052c61e3c2dfb27cac6b6f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5566 Malicious code in qunit-begin (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b929a1f556c9d20fc74710d9609712fb8790c92576e92babcdbe8267022e6752 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in qunit-begin (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b929a1f556c9d20fc74710d9609712fb8790c92576e92babcdbe8267022e6752 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Cross-site Scripting (XSS)
qunit is vulnerable to cross-site scripting XSS. The vulnerability exists as it does not escape the value of details.source in innerHTML of reporter/html.js...
GHSA-4Q79-FCH7-G78Q Downloads Resources over HTTP in grunt-webdriver-qunit
Affected versions of grunt-webdriver-qunit insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution...
Downloads Resources over HTTP in grunt-webdriver-qunit
Affected versions of grunt-webdriver-qunit insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution...
@mach25/karma-qunit-jsmockito-jshamcrest (>=0.0.1 <=0.0.2), jsmockito (>=1.0.4 <=1.0.5) +3 more potentially affected by CVE-2016-10521 via jshamcrest (>=0.6.7 <=0.7.1)
jshamcrest NPM version =0.6.7, =0.0.1, =1.0.4, =0.0.2, =0.0.0, =0.3.1, =0.15.0 Source cves: CVE-2016-10521 Source advisory: OSV:GHSA-XJ62-87PG-VCV3...
CVE-2016-10606
grunt-webdriver-qunit is a grunt plugin to run qunit with webdriver in grunt grunt-webdriver-qunit downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controll...
CVE-2016-10606
grunt-webdriver-qunit is a grunt plugin to run qunit with webdriver in grunt grunt-webdriver-qunit downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controll...
CVE-2016-10606
The CVE-2016-10606 issue affects grunt-webdriver-qunit, a Grunt plugin for running QUnit with WebDriver. The root cause is insecurely downloading a binary over HTTP, enabling an attacker with a privileged network position to intercept and substitute the binary, potentially leading to remote code ...
Downloads Resources over HTTP
Overview Affected versions of grunt-webdriver-qunit insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...