4880 matches found
PT-2024-7453 · Unknown · Matrix-React-Sdk
Name of the Vulnerable Software and Affected Versions: matrix-react-sdk versions 3.18.0 through 3.101.9 Description: The issue is related to insufficient protection of service data, allowing a malicious homeserver to potentially steal message keys for a room when a user invites another user to th...
Invenio-Communities has a Cross-Site Scripting (XSS) vulnerability in React components
Impact: We have identified a Cross-Site Scripting (XSS) vulnerability within certain React components related to community members in the Invenio-Communities module. This vulnerability enables a user to inject a script tag into the Affiliations field during the account registration process. The...
MAL-2024-9968 Malicious code in discord-react (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis bc34a3a31bb6498c18b917bfd0c3049006f5c630220a45dbef402db8ef290775 The OpenSSF Package Analysis project identified 'discord-react' @ 0.0.0.1 pypi as malicious. It is considered malicious because: - The package...
Malicious code in discord-react (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis bc34a3a31bb6498c18b917bfd0c3049006f5c630220a45dbef402db8ef290775 The OpenSSF Package Analysis project identified 'discord-react' @ 0.0.0.1 pypi as malicious. It is considered malicious because: - The package...
tauri-async-handler (>=0.1.0 <=0.4.0), tauri-react (=0.1.0) potentially affected by CVE-2024-35222 via tauri (>=0.10.0 <=0.9.2)
tauri CARGO version =0.10.0, =0.1.0, =0.4.0 - tauri-react =0.1.0 Source cves: CVE-2024-35222 Source advisory: OSV:GHSA-57FM-592M-34R7...
MAL-2024-1380 Malicious code in tcm-app-migration-miles-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9025c83532f86e4420c8cd88f4f408a7857044b1f990a20c9a64fa0cc2ea902f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-34350
CVE-2024-34350 affects Next.js (React framework). The issue arises from inconsistent interpretation of a crafted HTTP request, causing a request to be treated as both a single request and two separate requests, which can poison the response queue. Exploitation requires the affected route to use t...
Arbitrary JavaScript Execution
react-pdf is vulnerable to Arbitrary JavaScript Execution. This vulnerability is due to isEvalSupported set to true by default, allowing for the execution of arbitrary JavaScript code embedded within the PDF...
@caedman/arma (>=0.1.18 <=0.1.87), @caedman/armdda (>=0.1.85 <=1.1.89) +5 more potentially affected by CVE-2024-34341 +1 more via trix (>=0.9.1 <=1.3.1)
trix NPM version =0.9.1, =0.1.18, =0.1.85, =7.8.0, =1.0.0, =1.0.3 Source cves: CVE-2024-34341, CVE-2024-43368 Source advisory: OSV:GHSA-QJQP-XR96-CJ99...
719component (>=1.1.1 <=1.1.6), @21st-night/analytics-web (>=0.65.0 <=0.79.0) +897 more potentially affected by CVE-2024-34342 via react-pdf (>=0.0.10 <=7.7.1)
react-pdf NPM version =0.0.10, =1.1.1, =0.65.0, =0.67.0, =0.53.0, =0.53.0, =0.53.0, =0.53.0, =0.34.0, =0.49.0, =0.53.0, =0.34.0, =0.53.0, =0.34.0, =0.53.0, =0.34.0, =0.48.8 and more Source cves: CVE-2024-34342 Source advisory: OSV:GHSA-87HQ-Q4GP-9WR4...
CVE-2024-34342
react-pdf displays PDFs in React apps. If PDF.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true which is the default value, unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. This vulnerability is fixed in...
CVE-2024-34342 react-pdf's PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF
react-pdf displays PDFs in React apps. If PDF.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true which is the default value, unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. This vulnerability is fixed in...
React-PDF Security Vulnerability
React-PDF is an application by individual developer Wojciech Maj. A security vulnerability exists in react-pdf. An attacker exploiting this vulnerability could execute JavaScript code...
PT-2024-25799
Name of the Vulnerable Software and Affected Versions: react-pdf versions prior to 7.7.3; react-pdf versions prior to 8.0.2. Description: The issue arises when PDF.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true, which is the default value. This...
Malicious code in uidm-react-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 46d06a0532602d59ada5b5296d3344ff79c9be233ff036127aad80ba624e6e95 The OpenSSF Package Analysis project identified 'uidm-react-lib' @ 99.99.1 npm as malicious. It is considered malicious because: - The package...
CVE-2024-34067
Pterodactyl is a free, open-source game server management panel built with PHP, React, and Go. Importing a malicious egg or gaining access to a wings instance could lead to cross-site scripting (XSS) on the panel, which could be used to gain an administrator account on the panel. Specifically, the...
CVE-2024-34067
CVE-2024-34067 affects the Pterodactyl panel. The issue allows cross-site scripting (XSS) via importing a malicious egg or gaining access to a wings instance, potentially enabling an administrator account takeover. The vulnerability impacts Egg Docker images and Egg variables (Name, Environment v...
CVE-2024-34067 Multiple cross site scripting (XSS) vulnerabilities in the admin area of Pterodactyl panel
Pterodactyl is a free, open-source game server management panel built with PHP, React, and Go. Importing a malicious egg or gaining access to a wings instance could lead to cross-site scripting (XSS) on the panel, which could be used to gain an administrator account on the panel. Specifically, the...
@dialectlabs/react (>=0.4.8 <=0.5.1) potentially affected by CVE-2024-30253 via @solana/web3.js (=1.38.0)
@solana/web3.js NPM version =1.38.0 is affected by a known vulnerability. The following packages have a transitive dependency on @solana/web3.js and may be impacted: - @dialectlabs/react =0.4.8, =0.5.1 Source cves: CVE-2024-30253 Source advisory: OSV:GHSA-8M45-2RJM-J347...