4880 matches found
Default configuration
Keystone is an open source headless CMS for Node.js — built with GraphQL and React. When ui.isAccessAllowed is set as undefined, the adminMeta GraphQL query is publicly accessible no session required. This is different to the behaviour of the default AdminUI middleware, which by default will only...
CVE-2023-40027
Keystone (Node.js) vulnerability CVE-2023-40027: When ui.isAccessAllowed is undefined, the adminMeta GraphQL query is publicly accessible without a session, potentially exposing admin metadata. Affected users are those relying on a session strategy to restrict access; developers using @keystone-6...
CVE-2023-40027 Conditionally missing authorization in @keystone-6/core
Keystone is an open source headless CMS for Node.js — built with GraphQL and React. When ui.isAccessAllowed is set as undefined, the adminMeta GraphQL query is publicly accessible no session required. This is different to the behaviour of the default AdminUI middleware, which by default will only...
CVE-2023-40027 Conditionally missing authorization in @keystone-6/core
Keystone is an open source headless CMS for Node.js — built with GraphQL and React. When ui.isAccessAllowed is set as undefined, the adminMeta GraphQL query is publicly accessible no session required. This is different to the behaviour of the default AdminUI middleware, which by default will only...
Malicious code in react-dropzone-legacy (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2617d06d7f7e79da19c8a24acc1e620c9a46dcf8b6a5087f482081c2badff0de Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-1440 Malicious code in react-dropzone-legacy (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2617d06d7f7e79da19c8a24acc1e620c9a46dcf8b6a5087f482081c2badff0de Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in react-native-transparent-video (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cfc4c56c3c11c9b9f70d9cc95f941b8549be2b5b18c367c51ed8d531cb0f2ca6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-1441 Malicious code in react-native-transparent-video (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cfc4c56c3c11c9b9f70d9cc95f941b8549be2b5b18c367c51ed8d531cb0f2ca6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in react-toolbox-docs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 422a604d191acbb8c624bc1ef790995e034a891c2bb65d4fdf729675ed8d4ae6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-1018 Malicious code in react-toolbox-docs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 422a604d191acbb8c624bc1ef790995e034a891c2bb65d4fdf729675ed8d4ae6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in react-intl-cdo (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis afcb5984f676ea2bd3bfbbac709ca2328833be4441f0579e0ce29032a7d860e4 The OpenSSF Package Analysis project identified 'react-intl-cdo' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
MAL-2023-1281 Malicious code in react-intl-cdo (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis afcb5984f676ea2bd3bfbbac709ca2328833be4441f0579e0ce29032a7d860e4 The OpenSSF Package Analysis project identified 'react-intl-cdo' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
Malicious code in uitk-react-action-list-item (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c5ae6c09c0106f49a13c2a2b42ec5ae87f855fce905b95188d6645f263a17bf8 The OpenSSF Package Analysis project identified 'uitk-react-action-list-item' @ 99.99.1 npm as malicious. It is considered malicious because: -...
Malicious code in @mendeley-internal/react-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 4b3c54bd49a9cb3df935485579edbec49aa244d45e1a1f0535ceb9ee0c278871 The OpenSSF Package Analysis project identified '@mendeley-internal/react-ui' @ 100.0.1 npm as malicious. It is considered malicious because: -...
CVE-2023-37259
matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. The Export Chat feature includes certain attacker-controlled elements in the generated document without sufficient escaping, leading to stored Cross site scripting XSS. Since the Export Chat feature...
CVE-2023-37259 Cross site scripting in Export Chat feature
matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. The Export Chat feature includes certain attacker-controlled elements in the generated document without sufficient escaping, leading to stored Cross site scripting XSS. Since the Export Chat feature...
CVE-2023-37259 Cross site scripting in Export Chat feature
matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. The Export Chat feature includes certain attacker-controlled elements in the generated document without sufficient escaping, leading to stored Cross site scripting XSS. Since the Export Chat feature...
CVE-2023-37259
CVE-2023-37259 affects matrix-react-sdk. The Export Chat feature injects attacker-controlled elements into a generated document without proper escaping, causing stored XSS. The exploit runs from the null origin (document-only context) but can be used to leak message contents; a malicious homeserv...
CVE-2023-37259 Cross site scripting in Export Chat feature
matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. The Export Chat feature includes certain attacker-controlled elements in the generated document without sufficient escaping, leading to stored Cross site scripting XSS. Since the Export Chat feature...
matrix-react-sdk 跨站脚本漏洞
matrix-react-sdk is a Matrix open source component for inserting the Matrix chat/voip client into web pages. A cross-site scripting vulnerability exists in matrix-react-sdk versions 3.32.0 through 3.76.0, which stems from the Export Chat feature containing certain attacker-controlled elements in...