
4876 matches found

Github Security Blog
added 2020/09/01 8:43 p.m., 142 views

Cross-Site Scripting in react-marked-markdown

All versions of react-marked-markdown are vulnerable to cross-site scripting (XSS) via href attributes. This is exploitable if user input is provided to react-marked-markdown. Proof of concept: import React from 'react' import ReactDOM from 'react-dom' import MarkdownPreview from 'react-marked-markdown'...

AI score: 3.3
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2020/09/01 8:43 p.m., 8 views

GHSA-M7QM-R2R5-F77Q Cross-Site Scripting in react-marked-markdown

All versions of react-marked-markdown are vulnerable to cross-site scripting (XSS) via href attributes. This is exploitable if user input is provided to react-marked-markdown. Proof of concept: import React from 'react' import ReactDOM from 'react-dom' import MarkdownPreview from 'react-marked-markdown'...

AI score: 6.1
Exploits: 0, References: 4
vulnersOsv
added 2020/09/01 8:43 p.m., 4 views

@addaps/doca-addaps-theme (>=1.0.1 <=1.0.6), doca-bootstrap-theme (>=0.0.6 <=1.0.0) +11 more potentially affected by unknown CVE via react-marked-markdown (=1.4.6)

react-marked-markdown NPM version =1.4.6 is affected by a known vulnerability. The following packages have a transitive dependency on react-marked-markdown and may be impacted: - @addaps/doca-addaps-theme =1.0.1, =0.0.6, =0.0.1, =0.2.1, =1.0.0, =0.0.1, =1.0.0, =0.1.1, =0.15.1, =0.1.2, =0.2.1 Sour...

AI score: 5.8
Exploits: 0
Github Security Blog
added 2020/09/01 8:33 p.m., 25 views

Malicious Package in react-server-native

Version 0.0.7 of react-server-native contained malicious code. The code, when executed in the browser, would enumerate password, cvc, and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation: If version 0.0.7 of this module is found installed...

AI score: 6.9
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2020/09/01 8:33 p.m., 7 views

GHSA-FWVP-X5GJ-773J Malicious Package in react-server-native

Version 0.0.7 of react-server-native contained malicious code. The code, when executed in the browser, would enumerate password, cvc, and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation: If version 0.0.7 of this module is found installed...

AI score: 7.1
Exploits: 0, References: 1
Github Security Blog
added 2020/09/01 8:32 p.m., 32 views

Malicious Package in react-dates-sc

Version 0.3.0 of react-dates-sc contained malicious code. The code, when executed in the browser, would enumerate password, cvc, and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation: If version 0.3.0 of this module is found installed you...

AI score: 6.9
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2020/09/01 8:32 p.m., 8 views

GHSA-5645-GC7H-98H8 Malicious Package in react-dates-sc

Version 0.3.0 of react-dates-sc contained malicious code. The code, when executed in the browser, would enumerate password, cvc, and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation: If version 0.3.0 of this module is found installed you...

AI score: 7.1
Exploits: 0, References: 1
Github Security Blog
added 2020/09/01 7:47 p.m., 24 views

Malicious Package in awesome_react_utility

Version 1.0.2 of awesome_react_utility contained malicious code. The code, when executed in the browser, would enumerate password, cvc, and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation: If version 1.0.2 of this module is found installed...

AI score: 2.9
Exploits: 0, References: 3, Affected Software: 1
vulnersOsv
added 2020/09/01 6:59 p.m., 2 views

react-cms-editor (=0.1.71) potentially affected by CVE-2017-16080 via nodesass (=0.0.2-security)

nodesass NPM version =0.0.2-security is affected by a known vulnerability. The following packages have a transitive dependency on nodesass and may be impacted: - react-cms-editor =0.1.71 Source cves: CVE-2017-16080 Source advisory: OSV:GHSA-XFMW-2VMM-579C...

CVSS: 7.5, AI score: 7.1, EPSS: 0.00257
Exploits: 0
Github Security Blog
added 2020/08/05 9:43 p.m., 67 views

CSRF Vulnerability in polaris-website

Impact CSRF vulnerability: In some very specific circumstances, an attacker would be able to update your settings. Basically you would need to navigate to hackersite.com while logged into our panel. Then they could modify your settings. They couldn't check if it worked, nor could they read your...

AI score: 0.3
Exploits: 0, References: 7, Affected Software: 1
vulnersOsv
added 2020/07/30 2:3 p.m., 1 views

@albalyu/npm-scripts (>=2.0.1 <=2.0.40), @opuscapita/eslint-config-opuscapita-bnapp (>=1.0.1 <=1.0.6) +7 more potentially affected by CVE-2020-36632 via flat (=3.0.0)

flat NPM version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on flat and may be impacted: - @albalyu/npm-scripts =2.0.1, =1.0.1, =2.2.1, =2.0.0, =0.0.1-beta.2, =4.0.1, =0.3.0-beta.16, =0.3.0-beta.83 Source cves: CVE-2020-36632 Source advisory:...

CVSS: 9.8, AI score: 6.7, EPSS: 0.00784
Exploits: 0
CNVD
added 2020/07/29 12:0 a.m., 2 views

react-native-fast-image information disclosure vulnerability

react-native-fast-image is an image loading and processing package by Canadian software developer Dylan Vann. An information disclosure vulnerability exists in react-native-fast-image, which can be exploited by an attacker to cause signature credentials or other session tokens to be disclosed to...

CVSS: 5.3, AI score: 6.4, EPSS: 0.00455
Exploits: 1, References: 1
Tenable Nessus
added 2020/07/28 12:0 a.m., 43 views

openSUSE Security Update : SUSE Manager Client Tools (openSUSE-2020-1105)

This update fixes the following issues : dracut-saltboot : - Print a list of available disk devices bsc1170824 - Install wipefs to initrd - Force install crypt modules golang-github-prometheus-prometheus : - Update change log and spec file + Modified spec file: default to golang 1.14 to avoid 'ha...

CVSS: 8.2, AI score: 6.9, EPSS: 0.93094
Exploits: 6, References: 22
OSV
added 2020/07/17 10:15 a.m., 2 views

CVE-2020-7696

This affects all versions of package react-native-fast-image. When an image with source=uri: "...", headers: host: "somehost.com", authorization: "..." is loaded, all other subsequent images will use the same headers, this can lead to signing credentials or other session tokens being leaked to...

CVSS: 5.3, AI score: 6.1, EPSS: 0.00455
Exploits: 1, References: 3
NVD
added 2020/07/17 10:15 a.m., 5 views

CVE-2020-7696

This affects all versions of package react-native-fast-image. When an image with source=uri: "...", headers: host: "somehost.com", authorization: "..." is loaded, all other subsequent images will use the same headers, this can lead to signing credentials or other session tokens being leaked to...

CVSS: 5.3, EPSS: 0.00455
Exploits: 1, References: 3
Prion
added 2020/07/17 10:15 a.m., 13 views

Authorization

This affects all versions of package react-native-fast-image. When an image with source=uri: "...", headers: host: "somehost.com", authorization: "..." is loaded, all other subsequent images will use the same headers, this can lead to signing credentials or other session tokens being leaked to...

CVSS: 5, AI score: 5.2, EPSS: 0.00455
Exploits: 1, References: 3
CVE
added 2020/07/17 9:25 a.m., 59 views

CVE-2020-7696

The CVE-2020-7696 entry affects all versions of react-native-fast-image. When an image is loaded with headers that include sensitive data (e.g., host and authorization in the request headers), subsequent images reuse those headers, causing potential leakage of signing credentials or session token...

CVSS: 5.3, AI score: 5.2, EPSS: 0.00455
Exploits: 1, References: 3, Affected Software: 1
Cvelist
added 2020/07/17 9:25 a.m., 9 views

CVE-2020-7696 Information Exposure

This affects all versions of package react-native-fast-image. When an image with source=uri: "...", headers: host: "somehost.com", authorization: "..." is loaded, all other subsequent images will use the same headers, this can lead to signing credentials or other session tokens being leaked to...

CVSS: 5.3, AI score: 5.3, EPSS: 0.00455
Exploits: 1, References: 3
vulnersOsv
added 2020/06/12 2:47 p.m., 2 views

@applicaster/zapp-react-native-fast-image (>=1.0.0 <=1.1.0-beta.0), @momo-platform/component-kits (=1.1.74) +5 more potentially affected by CVE-2020-7696 via react-native-fast-image (>=8.1.2 <=8.2.0)

react-native-fast-image NPM version =8.1.2, =1.0.0, =0.0.1, =0.1.0, =1.2.23 Source cves: CVE-2020-7696 Source advisory: SNYK:JS-REACTNATIVEFASTIMAGE-572228...

CVSS: 5.3, AI score: 6, EPSS: 0.00455
Exploits: 1
Snyk
added 2020/06/12 2:47 p.m., 1 views

Information Exposure

Overview react-native-fast-image is a FastImage, performant React Native image component. Affected versions of this package are vulnerable to Information Exposure. When an image with source=uri: "...", headers: host: "somehost.com", authorization: "..." is loaded, all other subsequent images will...

CVSS: 5.3, AI score: 6.7, EPSS: 0.00455
Exploits: 1, References: 2