4877 matches found
CVE-2023-34245
@udecode/plate-link is the link handler for the udecode/plate rich-text editor plugin system for Slate & React. Affected versions of the link plugin and link UI component do not sanitize URLs to prevent use of the javascript: scheme. As a result, links with JavaScript URLs can be inserted into th...
CVE-2023-34245 Cross site scripting (XSS) in @udecode/plate-link
@udecode/plate-link is the link handler for the udecode/plate rich-text editor plugin system for Slate & React. Affected versions of the link plugin and link UI component do not sanitize URLs to prevent use of the javascript: scheme. As a result, links with JavaScript URLs can be inserted into th...
CVE-2023-34245
The CVE-2023-34245 issue affects @udecode/plate-link, the link handler for the Plate editor (Slate/React). Affected versions allow javascript: URLs to be rendered into the DOM due to inadequate URL sanitization, enabling potential XSS through links inserted by various means. The patch in plate-li...
CVE-2023-34238
Gatsby is a free and open source framework based on React. The Gatsby framework prior to versions 4.25.7 and 5.9.1 contains a Local File Inclusion vulnerability in the __file-code-frame and __original-stack-frame paths, exposed when running the Gatsby develop server (gatsby develop). Any file in scope o...
Design/Logic Flaw
Gatsby is a free and open source framework based on React. The Gatsby framework prior to versions 4.25.7 and 5.9.1 contains a Local File Inclusion vulnerability in the __file-code-frame and __original-stack-frame paths, exposed when running the Gatsby develop server (gatsby develop). Any file in scope o...
CVE-2023-34238 Local File Inclusion vulnerability in Gatsby
Gatsby is a free and open source framework based on React. The Gatsby framework prior to versions 4.25.7 and 5.9.1 contains a Local File Inclusion vulnerability in the __file-code-frame and __original-stack-frame paths, exposed when running the Gatsby develop server (gatsby develop). Any file in scope o...
CVE-2023-34238
Gatsby (React-based framework) prior to versions 4.25.7 and 5.9.1 contains a Local File Inclusion (LFI) vulnerability in the __file-code-frame and __original-stack-frame paths when the Gatsby develop server is run. The issue could expose any file on the development server’s scope, with exploitati...
Malicious Package
Overview plugin-react-hooks is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packag...
Malicious Package
Overview react-influxdb is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package wa...
Malicious Package
Overview react-hook-form-deprecated is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if thi...
DOM Cross Site Scripting and openredirect
Vulnerable Endpoint: https://demo.saleor.io/default-channel/en-US/account/login/?next=javascript:alert1 Description: 1. Hello team, recently I found that on the Saleor React storefront dashboard there is a DOM XSS and open-redirect vulnerability. Steps to reproduce XSS: 1. Go to the above mentioned...
MAL-2023-1108 Malicious code in @yuga-labs/web3-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b425c34ae84cc0a28d515b6e2a691b26410edb680096a6ee0c8ab7b8698fee20 The OpenSSF Package Analysis project identified '@yuga-labs/web3-react' @ 100.0.0 npm as malicious. It is considered malicious because: - The...
MAL-2023-602 Malicious code in mintel-react-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 0a1835239b54b7888436777e7e123e588fdbf2fe1ca95d9162e6803d5027515e Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...
Malicious code in mintel-react-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 0a1835239b54b7888436777e7e123e588fdbf2fe1ca95d9162e6803d5027515e Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...
MAL-2023-737 Malicious code in react-vuejs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a46729b2313e52604631a44fbc0c9a6e4dea2ce5ceb901b05e055a389bfcdf8e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in react-vuejs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a46729b2313e52604631a44fbc0c9a6e4dea2ce5ceb901b05e055a389bfcdf8e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-1310 Malicious code in stripe-terminal-react-native (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3e6a4f5507735b6704fa9b04425050a6609564e66e4ad031bbc07e7900ce5610 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in stripe-terminal-react-native (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3e6a4f5507735b6704fa9b04425050a6609564e66e4ad031bbc07e7900ce5610 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...