4877 matches found
Malicious code in frontend-components-react-transpiled (npm)
Source: ghsa-malware 463e9359f450d451e47eef2a46a82e6d6fe266ffa312c37239b9e2fda0a440fb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-8520 Malicious code in oasis-os-react (npm)
Source: ghsa-malware b6498095a1cca97f72b428b0ee87d8238a47478af4af6bb1c0519386b5a26247 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
@agentlab/ldkg-ui-basetable (=0.1.1), @agentlab/ldkg-ui-charts (>=0.1.2 <=0.1.7) +330 more potentially affected by CVE-2023-48219 via tinymce (>=4.5.1 <=5.10.8)
tinymce NPM version =4.5.1, =0.1.2, =0.3.7, =0.1.17, =1.0.0, =1.0.0, =1.33.0, =1.0.0-alpha.39-baliz, =4.3.0, =0.5.0, =0.1.0, =0.0.4, =0.1.2, =0.8.4, =0.8.5 and more Source cves: CVE-2023-48219 Source advisory: OSV:GHSA-V626-R774-J7F8...
MAL-2023-8481 Malicious code in extract-react-types-mono-repo (npm)
Source: ossf-package-analysis 97291f1a69bcf0454ce9436e0b9962597636b4422b1a88ff5272fdd93d91c165 The OpenSSF Package Analysis project identified 'extract-react-types-mono-repo' @ 0.0.2 npm as malicious. It is considered malicious because: -...
MAL-2023-8469 Malicious code in react-18-viem (npm)
Source: ossf-package-analysis ab3496e80f456724e73563a2fef64ff6928d569e6e730832dd7de084aa0b3655 The OpenSSF Package Analysis project identified 'react-18-viem' @ 0.1.1 npm as malicious. It is considered malicious because: - The package...
MAL-2023-8458 Malicious code in frontegg-react-sanity-check (npm)
Source: ghsa-malware fb25e4621d231dcfb19174b3d68e319d416128e938f699d683cd4cd436f0fd10 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-46134 D-Tale vulnerable to Remote Code Execution through the Custom Filter Input
D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data structures. Prior to version 3.7.0, users hosting D-Tale publicly can be vulnerable to remote code execution, allowing attackers to run malicious code on the server. This issue has been patched in...
CVE-2023-46134
CVE-2023-46134 concerns D-Tale, a Flask back-end + React front-end tool for Pandas data. The vulnerability arises from the Custom Filter input, enabling remote code execution when D-Tale is hosted publicly and the input is not properly restricted. The issue was patched in version 3.7.0 by turning...
GHSA-RXRC-RGV4-JPVX React Developer Tools extension Improper Authorization vulnerability
The React Developer Tools extension registers a message listener with window.addEventListener('message', ...) in a content script that is accessible to any webpage that is active in the browser. Within the listener is code that requests a URL derived from the received message via fetch. The URL is not...
4help-app-shared (>=1.0.21 <=1.0.26), 4help-shared (>=1.0.2 <=1.0.20) +3208 more potentially affected by CVE-2023-5654 via react-devtools-core (>=1.0.6 <=4.28.0)
react-devtools-core NPM version =1.0.6, =1.0.21, =1.0.2, =0.0.1, =1.0.0, =0.0.1, =0.0.1, =1.0.22, =0.0.12, =1.2.0, =1.0.4, =0.0.1, =0.0.6 and more Source cves: CVE-2023-5654 Source advisory: OSV:GHSA-RXRC-RGV4-JPVX...
CVE-2023-5654
The CVE-2023-5654 issue affects the React Developer Tools extension and is caused by a content-script listener registered with window.addEventListener('message', …) that fetches a URL derived from a received message without validating/sanitising it. This allows a malicious page to trigger the vic...