4 matches found
Code injection
CVEProject/cve-services is an open source project used to operate the CVE services API. A conditional in 'data.js' has potential for production secrets to be written to disk. The affected method writes the generated randomKey to disk if the environment is not development. If this method were call...
cve-services security vulnerability
cve-services is an open source project. It is used to operate the CVE Services API. A security vulnerability exists in cve-services that originates from the storage of randomKey in plain text in the data.js script. A remote attacker could gain unauthorized access to sensitive information on the...
CVE-2022-31004 Potential secrets being logged to disk in CVE Services
CVEProject/cve-services is an open source project used to operate the CVE services API. A conditional in 'data.js' has potential for production secrets to be written to disk. The affected method writes the generated randomKey to disk if the environment is not development. If this method were call...
Insecure Pseudorandom Number Generation
randomkey is vulnerable to insecure pseudorandom number generation. The vulnerability exists because it uses Math.random instead of cryptographically secure pseudorandom number generation...