4876 matches found
CVE-2020-1912
An out-of-bounds read/write vulnerability when executing lazily compiled inner generator functions in Facebook Hermes prior to commit 091835377369c8fd5917d9b87acffa721ad2a168 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the...
Integer overflow
An integer signedness error in the JavaScript Interpreter in Facebook Hermes prior to commit 2c7af7ec481ceffd0d14ce2d7c045e475fd71dc6 allows attackers to cause a denial of service attack or a potential RCE via crafted JavaScript. Note that this is only exploitable if the application using Hermes...
Design/Logic Flaw
An out-of-bounds read/write vulnerability when executing lazily compiled inner generator functions in Facebook Hermes prior to commit 091835377369c8fd5917d9b87acffa721ad2a168 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the...
CVE-2020-1913
An integer signedness error in the JavaScript Interpreter in Facebook Hermes prior to commit 2c7af7ec481ceffd0d14ce2d7c045e475fd71dc6 allows attackers to cause a denial of service attack or a potential RCE via crafted JavaScript. Note that this is only exploitable if the application using Hermes...
matlab-array-utils (>=1.0.1 <=1.0.2), react-plotter (=0.0.1) potentially affected by unknown CVE via plotter (=0.5.0)
plotter NPM version =0.5.0 is affected by a known vulnerability. The following packages have a transitive dependency on plotter and may be impacted:
- matlab-array-utils =1.0.1, =1.0.2
- react-plotter =0.0.1
Source cves: unknown CVE
Source advisory: OSV:GHSA-65XX-C85X-WG76...
GHSA-G53W-52XC-2J85 Cross-Site Scripting in react
Affected versions of react are vulnerable to Cross-Site Scripting (XSS). The package fails to properly sanitize input used to create keys. This may allow attackers to execute arbitrary JavaScript if a key is generated from user input. Recommendation: If you are using react 0.5.x, upgrade to version...
Cross-Site Scripting in react
Affected versions of react are vulnerable to Cross-Site Scripting (XSS). The package fails to properly sanitize input used to create keys. This may allow attackers to execute arbitrary JavaScript if a key is generated from user input. Recommendation: If you are using react 0.5.x, upgrade to version...
192.168.0.172 (=4.6.1), 2-ways-binding-example (=0.0.1) +2232 more potentially affected by unknown CVE via react (>=0.10.0 <=0.14.0-rc1)
react NPM version =0.10.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.1.10, =0.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =2.0.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-HG79-J56M-FXGV...
GHSA-HG79-J56M-FXGV Cross-Site Scripting in react
Versions of react prior to 0.14.0 are vulnerable to Cross-Site Scripting (XSS). The package's createElement function fails to properly validate its input object, allowing attackers to execute arbitrary JavaScript in a victim's browser. Recommendation: Upgrade to version 0.14.0 or later...
Cross-Site Scripting in react
Versions of react prior to 0.14.0 are vulnerable to Cross-Site Scripting (XSS). The package's createElement function fails to properly validate its input object, allowing attackers to execute arbitrary JavaScript in a victim's browser. Recommendation: Upgrade to version 0.14.0 or later...
CVE-2020-1911
A type confusion vulnerability when resolving properties of JavaScript objects with specially-crafted prototype chains in Facebook Hermes prior to commit fe52854cdf6725c2eaa9e125995da76e6ceb27da allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only...
Type confusion
A type confusion vulnerability when resolving properties of JavaScript objects with specially-crafted prototype chains in Facebook Hermes prior to commit fe52854cdf6725c2eaa9e125995da76e6ceb27da allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only...
GHSA-65M9-M259-7JQW Improper Authorization in react-oauth-flow
All versions of react-oauth-flow fail to properly implement the OAuth protocol. The package stores secrets in the front-end code. Instead of using a public OAuth client, it uses a confidential client on the browser. This may allow attackers to compromise server credentials. Recommendation: No fix ...
Improper Authorization in react-oauth-flow
All versions of react-oauth-flow fail to properly implement the OAuth protocol. The package stores secrets in the front-end code. Instead of using a public OAuth client, it uses a confidential client on the browser. This may allow attackers to compromise server credentials. Recommendation: No fix ...
@rebelware/fibonacci-generator (=0.0.3), react-oauth2-auth-code-flow (>=1.0.0 <=1.0.2) potentially affected by unknown CVE via react-oauth-flow (=1.2.0)
react-oauth-flow NPM version =1.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on react-oauth-flow and may be impacted:
- @rebelware/fibonacci-generator =0.0.3
- react-oauth2-auth-code-flow =1.0.0, =1.0.2
Source cves: unknown CVE
Source advisory:...
Malicious Package
react-dates-sc is a malicious package. The library contains code that, when executed in the browser, would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=...