4876 matches found
MAL-2022-2121 Malicious code in commerce-sdk-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b493faaa84a8ccd6bcc5a53210a270e361868038633326c140d91f6ef9fce23b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in commerce-sdk-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b493faaa84a8ccd6bcc5a53210a270e361868038633326c140d91f6ef9fce23b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in react-nesting-example-legacy (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a0a6877c514ae49fccfe170b75f8405a65c085e2bb1d3d78b1ce4d44bff375d8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5660 Malicious code in react-nesting-example-legacy (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a0a6877c514ae49fccfe170b75f8405a65c085e2bb1d3d78b1ce4d44bff375d8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in shopee-ui-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 80845246a6fd9c6cdc2638d9ac464a4353a8687bcb7ad02430731c0646d9d312 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-39382
Keystone is a headless CMS for Node.js — built with GraphQL and React. @keystone-6/core@3.0.0 || 3.0.1 users that use NODE_ENV to trigger security-sensitive functionality in their production builds are vulnerable to NODE_ENV being inlined to "development" for user code, irrespective of what your...
Design/Logic Flaw
Keystone is a headless CMS for Node.js — built with GraphQL and React. @keystone-6/core@3.0.0 || 3.0.1 users that use NODE_ENV to trigger security-sensitive functionality in their production builds are vulnerable to NODE_ENV being inlined to "development" for user code, irrespective of what you...
CVE-2022-39382
Keystone (Node.js) vulnerability CVE-2022-39382 affects @keystone-6/core versions 3.0.0 and 3.0.1. The issue arises when NODE_ENV is inlined to the string "development" for user code in production builds, potentially triggering security‑sensitive functionality unintentionally. The vulnerability i...
CVE-2022-39382 NODE_ENV in Keystone defaults to development with esbuild
Keystone is a headless CMS for Node.js — built with GraphQL and React. @keystone-6/core@3.0.0 || 3.0.1 users that use NODE_ENV to trigger security-sensitive functionality in their production builds are vulnerable to NODE_ENV being inlined to "development" for user code, irrespective of what your...
Malicious code in boost-for-react-native (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8da6dcc96b2c067367ff27f7f02a880d0e12449e6bf8595898ca728c7e6a3376 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-1647 Malicious code in boost-for-react-native (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8da6dcc96b2c067367ff27f7f02a880d0e12449e6bf8595898ca728c7e6a3376 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5670 Malicious code in react-redux-7 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1317918bed3a26481cc0f2581c7902fde3cb69f75efdf9ab9f4fc365d5abf451 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5669 Malicious code in react-redux-4 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 923626e0b4bdb65be6f322ccc7a88eb917c23f0c7e1a122ae4f8723b0b2959f0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in react-redux-7 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1317918bed3a26481cc0f2581c7902fde3cb69f75efdf9ab9f4fc365d5abf451 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in react-redux-4 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 923626e0b4bdb65be6f322ccc7a88eb917c23f0c7e1a122ae4f8723b0b2959f0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @nexthink/kendo-react (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f467a184cd4128f3ff5582509381c6a9d5f501b958106f179f6b4a00bf0cf4b1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Spring at JavaOne 2022
Hi, Spring fans! It's Sunday the 16th of October as I write this and I'm winging my way to sunny Las Vegas, Nevada, where I'll be attending and presenting at the first JavaOne show in years! It didn't exist as the JavaOne we know and love for years, even before the pandemic interrupted life as we kno...
CVE-2022-35289
A write-what-where condition in hermes caused by an integer overflow, prior to commit 5b6255ae049fa4641791e47fad994e8e8c4da374 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of...
CVE-2022-35289
A write-what-where condition in hermes caused by an integer overflow, prior to commit 5b6255ae049fa4641791e47fad994e8e8c4da374 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of...
CVE-2022-40138
An integer conversion error in Hermes bytecode generation, prior to commit 6aa825e480d48127b480b08d13adf70033237097, could have been used to perform Out-Of-Bounds operations and subsequently execute arbitrary code. Note that this is only exploitable in cases where Hermes is used to execute...