4877 matches found
MAL-2023-8092 Malicious code in react-morning (npm)
Source: ghsa-malware 3ee974f047d12c3a9b1b48783c3c2c6c85e7f4271541509fb5f2003cd34dc197 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in react-morning (npm)
Source: ghsa-malware 3ee974f047d12c3a9b1b48783c3c2c6c85e7f4271541509fb5f2003cd34dc197 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-8079 Malicious code in web3-react-core (npm)
Source: ghsa-malware 00a1d6d62c15a7112e41d1d0c71d79e1698232823cc6c88f392bbef2e2a772ec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in web3-react-core (npm)
Source: ghsa-malware 00a1d6d62c15a7112e41d1d0c71d79e1698232823cc6c88f392bbef2e2a772ec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in react-navigation-core (npm)
Source: ghsa-malware 2ac24ada2566f97d5be199f6ef9006e9556055d6747f993a8b1ae0dfb8b66a9f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in react-navigation-area-view (npm)
Source: ghsa-malware fc67ff72904c84b476e3f102ad2d7c61225b500ed7e1dc8852166e2c1b88c694 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-7977 Malicious code in react-navigation-area-view (npm)
Source: ghsa-malware fc67ff72904c84b476e3f102ad2d7c61225b500ed7e1dc8852166e2c1b88c694 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-7978 Malicious code in react-navigation-core (npm)
Source: ghsa-malware 2ac24ada2566f97d5be199f6ef9006e9556055d6747f993a8b1ae0dfb8b66a9f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-7924 Malicious code in @webview/react-skeletor (npm)
Source: ghsa-malware 756497fc47f785eae2c52c2c51d75ea29cbe95f6208c9d4c8b4ad576408efb7e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-41167
@webiny/react-rich-text-renderer before 5.37.2 allows XSS attacks by content managers. This is a React component to render data coming from Webiny Headless CMS and Webiny Form Builder. Webiny is an open-source serverless enterprise CMS. The @webiny/react-rich-text-renderer package depends on the...
CVE-2023-41167
CVE-2023-41167 affects @webiny/react-rich-text-renderer (pre-5.37.2). The vulnerability arises from rendering rich text content via dangerouslySetInnerHTML without HTML sanitization, allowing XSS when a content manager injects malicious input into Webiny CMS/Form Builder data that is later render...
GHSA-3X59-VRMC-5MX6 @webiny/react-rich-text-renderer vulnerable to insecure rendering of rich text content
Overview: @webiny/react-rich-text-renderer is a React component to render data coming from Webiny Headless CMS and Webiny Form Builder. The @webiny/react-rich-text-renderer package depends on the editor.js rich text editor to handle rich text content. The CMS stores rich text content from the...
@webiny/react-rich-text-renderer vulnerable to insecure rendering of rich text content
Overview: @webiny/react-rich-text-renderer is a React component to render data coming from Webiny Headless CMS and Webiny Form Builder. The @webiny/react-rich-text-renderer package depends on the editor.js rich text editor to handle rich text content. The CMS stores rich text content from the...
Malicious code in react-vis-master (npm)
Source: ossf-package-analysis 6b50bcb70f028287514bfdeca61e58907a79b80687a92a949e45abc009d38974 The OpenSSF Package Analysis project identified 'react-vis-master' @ 1.12.0 npm as malicious. It is considered malicious because: - The package...
MAL-2023-1536 Malicious code in react-vis-master (npm)
Source: ossf-package-analysis 6b50bcb70f028287514bfdeca61e58907a79b80687a92a949e45abc009d38974 The OpenSSF Package Analysis project identified 'react-vis-master' @ 1.12.0 npm as malicious. It is considered malicious because: - The package...
MAL-2023-1535 Malicious code in stripe-identity-react-native-example (npm)
Source: ossf-package-analysis cb5d2bc0139deaa57cabe88a2bee12171f6b1348c6a8ae5227efd82ec4a556af The OpenSSF Package Analysis project identified 'stripe-identity-react-native-example' @ 1.0.0 npm as malicious. It is considered malicious...
Malicious code in stripe-identity-react-native-example (npm)
Source: ossf-package-analysis cb5d2bc0139deaa57cabe88a2bee12171f6b1348c6a8ae5227efd82ec4a556af The OpenSSF Package Analysis project identified 'stripe-identity-react-native-example' @ 1.0.0 npm as malicious. It is considered malicious...
CVE-2023-40027
Keystone is an open source headless CMS for Node.js — built with GraphQL and React. When ui.isAccessAllowed is set as undefined, the adminMeta GraphQL query is publicly accessible, with no session required. This is different to the behaviour of the default AdminUI middleware, which by default will only...
Default configuration
Keystone is an open source headless CMS for Node.js — built with GraphQL and React. When ui.isAccessAllowed is set as undefined, the adminMeta GraphQL query is publicly accessible, with no session required. This is different to the behaviour of the default AdminUI middleware, which by default will only...
CVE-2023-40027
Keystone (Node.js) vulnerability CVE-2023-40027: When ui.isAccessAllowed is undefined, the adminMeta GraphQL query is publicly accessible without a session, potentially exposing admin metadata. Affected users are those relying on a session strategy to restrict access; developers using @keystone-6...