4876 matches found
MAL-2022-5675 Malicious code in react-swipeable-wrapper-example (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 443af72ecaec4287934d683372a3ec0e227c8728f74ca79a6953c4e8c2ac4ad2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-666 Malicious code in @tr-digital/react-rehydrate (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2599cb34105baaf5c4b9d139c06458eb3358bd0ab2b874bbcedb2e87e4176f51 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in react-video-live-demo (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d468d734a18f047e43acca515c76ba9b95e8f540c2898360d01c8b8fe4e1a170 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5680 Malicious code in react-video-live-demo (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d468d734a18f047e43acca515c76ba9b95e8f540c2898360d01c8b8fe4e1a170 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
GHSA-MPH8-6787-R8HW Use After Free in Hermes
A use after free in hermes, while emitting certain error messages, prior to commit d86e185e485b6330216dee8e854455c694e3a36e allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of...
Use After Free in Hermes
A use after free in hermes, while emitting certain error messages, prior to commit d86e185e485b6330216dee8e854455c694e3a36e allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of...
ai.tripl:arc-jupyter_2.11 (>=0.0.13 <=0.0.14), ai.tripl:arc_2.11 (>=1.13.3 <=1.15.0) +45 more potentially affected by CVE-2020-16971 via com.microsoft.azure:azure-eventhubs (>=0.10.0 <=3.2.0)
com.microsoft.azure:azure-eventhubs MAVEN version =0.10.0, =0.0.13, =1.13.3, =1.30.0, =1.20.0, =1.24.4, =1.4.0, =0.1.0, =0.6.0, =0.8.0, =3.3.0, =0.7.2, =3.0.0, =3.2.0 - com.microsoft.azure:azure-eventhubs-reactive2.12 =0.5.0 and more Source cves: CVE-2020-16971 Source advisory:...
GHSA-X4CF-6JR3-3QVP Out-of-bounds Read in Facebook Hermes
An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. Note that this is only exploitable if the application...
Out-of-bounds Read in Facebook Hermes
An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. Note that this is only exploitable if the application...
Always-Incorrect Control Flow Implementation in Facebook Hermes
A logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7fdddfc allows attackers to potentially read out of bounds or theoretically execute arbitrary code via crafted JavaScript. Note that this is only exploitable i...
GHSA-327C-QX3V-H673 Always-Incorrect Control Flow Implementation in Facebook Hermes
A logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7fdddfc allows attackers to potentially read out of bounds or theoretically execute arbitrary code via crafted JavaScript. Note that this is only exploitable i...
Signed to Unsigned Conversion Error in Facebook Hermes
An Integer signedness error in the JavaScript Interpreter in Facebook Hermes prior to commit 2c7af7ec481ceffd0d14ce2d7c045e475fd71dc6 allows attackers to cause a denial of service attack or a potential RCE via crafted JavaScript. Note that this is only exploitable if the application using Hermes...
GHSA-PF27-929J-9PMM Out-of-bounds Read and Out-of-bounds Write in Facebook Hermes
An out-of-bounds read/write vulnerability when executing lazily compiled inner generator functions in Facebook Hermes prior to commit 091835377369c8fd5917d9b87acffa721ad2a168 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the...
Out-of-bounds Read and Out-of-bounds Write in Facebook Hermes
An out-of-bounds read/write vulnerability when executing lazily compiled inner generator functions in Facebook Hermes prior to commit 091835377369c8fd5917d9b87acffa721ad2a168 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the...
GHSA-F5X2-XV93-4P23 Access of Resource Using Incompatible Type in Facebook Hermes
A type confusion vulnerability when resolving properties of JavaScript objects with specially-crafted prototype chains in Facebook Hermes prior to commit fe52854cdf6725c2eaa9e125995da76e6ceb27da allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only...
Access of Resource Using Incompatible Type in Facebook Hermes
A type confusion vulnerability when resolving properties of JavaScript objects with specially-crafted prototype chains in Facebook Hermes prior to commit fe52854cdf6725c2eaa9e125995da76e6ceb27da allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only...
CVE-2020-1914
A logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7fdddfc allows attackers to potentially read out of bounds or theoretically execute arbitrary code via crafted JavaScript. Note that this is only exploitable i...
CVE-2022-29230
Hydrogen is a React-based framework for building dynamic, Shopify-powered custom storefronts. There is a potential Cross-Site Scripting XSS vulnerability where an arbitrary user is able to execute scripts on pages that are built with Hydrogen. This affects all versions of Hydrogen starting from...
Cross site scripting
Hydrogen is a React-based framework for building dynamic, Shopify-powered custom storefronts. There is a potential Cross-Site Scripting XSS vulnerability where an arbitrary user is able to execute scripts on pages that are built with Hydrogen. This affects all versions of Hydrogen starting from...
CVE-2022-29230 Potential cross-site scripting (XSS) vulnerability in Hydrogen
Hydrogen is a React-based framework for building dynamic, Shopify-powered custom storefronts. There is a potential Cross-Site Scripting XSS vulnerability where an arbitrary user is able to execute scripts on pages that are built with Hydrogen. This affects all versions of Hydrogen starting from...