4914 matches found

OSV
added 2024/05/21 1:59 a.m. | 5 views

MAL-2024-1380 Malicious code in tcm-app-migration-miles-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9025c83532f86e4420c8cd88f4f408a7857044b1f990a20c9a64fa0cc2ea902f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 | References: 3

CVE
added 2024/05/09 4:7 p.m. | 139 views

CVE-2024-34350

CVE-2024-34350 affects Next.js (React framework). The issue arises from inconsistent interpretation of a crafted HTTP request, causing a request to be treated as both a single request and two separate requests, which can poison the response queue. Exploitation requires the affected route to use t...

CVSS 7.5 | AI score 6.6 | EPSS 0.01158
Exploits: 0 | References: 1 | Affected Software: 1

Veracode
added 2024/05/08 5:55 a.m. | 44 views

Arbitrary JavaScript Execution

react-pdf is vulnerable to Arbitrary JavaScript Execution. This vulnerability is due to isEvalSupported set to true by default, allowing for the execution of arbitrary JavaScript code embedded within the PDF...

CVSS 7.1 | AI score 7.4 | EPSS 0.01064
Exploits: 1 | References: 7 | Affected Software: 1

vulnersOsv
added 2024/05/07 4:49 p.m. | 6 views

@caedman/arma (>=0.1.18 <=0.1.87), @caedman/armdda (>=0.1.85 <=1.1.89) +5 more potentially affected by CVE-2024-34341 +1 more via trix (>=0.9.1 <=1.3.1)

trix NPM version =0.9.1, =0.1.18, =0.1.85, =7.8.0, =1.0.0, =1.0.3 Source cves: CVE-2024-34341, CVE-2024-43368 Source advisory: OSV:GHSA-QJQP-XR96-CJ99...

CVSS 6.5 | AI score 6 | EPSS 0.00784
Exploits: 0

vulnersOsv
added 2024/05/07 4:48 p.m. | 6 views

719component (>=1.1.1 <=1.1.6), @21st-night/analytics-web (>=0.65.0 <=0.79.0) +903 more potentially affected by CVE-2024-34342 via react-pdf (>=0.0.10 <=7.7.1)

react-pdf NPM version =0.0.10, =1.1.1, =0.65.0, =0.67.0, =0.53.0, =0.53.0, =0.53.0, =0.53.0, =0.34.0, =0.49.0, =0.53.0, =0.34.0, =0.53.0, =0.34.0, =0.53.0, =0.34.0, =0.48.8 and more Source cves: CVE-2024-34342 Source advisory: OSV:GHSA-87HQ-Q4GP-9WR4...

CVSS 7.1 | AI score 7 | EPSS 0.01064
Exploits: 1

NVD
added 2024/05/07 3:15 p.m. | 39 views

CVE-2024-34342

react-pdf displays PDFs in React apps. If PDF.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true which is the default value, unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. This vulnerability is fixed in...

CVSS 7.1 | AI score 6.7 | EPSS 0.01064
Exploits: 1 | References: 6

Cvelist
added 2024/05/07 2:29 p.m. | 122 views

CVE-2024-34342 react-pdf's PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF

react-pdf displays PDFs in React apps. If PDF.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true which is the default value, unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. This vulnerability is fixed in...

CVSS 7.1 | AI score 6.9 | EPSS 0.01064
Exploits: 1 | References: 6

Vulnrichment
added 2024/05/07 2:29 p.m. | 32 views

CVE-2024-34342 react-pdf's PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF

react-pdf displays PDFs in React apps. If PDF.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true which is the default value, unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. This vulnerability is fixed in...

CVSS 7.1 | AI score 6.7 | EPSS 0.01064
Exploits: 1 | References: 6

Positive Technologies
added 2024/05/07 12:0 a.m. | 6 views

PT-2024-25799

Name of the Vulnerable Software and Affected Versions react-pdf versions prior to 7.7.3 react-pdf versions prior to 8.0.2 Description The issue arises when PDF.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true, which is the default value. This...

CVSS 7.1 | AI score 8.3 | EPSS 0.01064
Exploits: 1 | References: 40

CNNVD
added 2024/05/07 12:0 a.m. | 3 views

React-PDF Security Vulnerability

React-PDF is an application by Wojciech Maj Personal Developer. A security vulnerability exists in react-pdf. An attacker exploiting this vulnerability could execute JavaScript code...

CVSS 7.1 | AI score 6.8 | EPSS 0.01064
Exploits: 1 | References: 7

OSSF Malicious Packages
added 2024/05/03 10:15 p.m. | 4 views

Malicious code in uidm-react-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 46d06a0532602d59ada5b5296d3344ff79c9be233ff036127aad80ba624e6e95 The OpenSSF Package Analysis project identified 'uidm-react-lib' @ 99.99.1 npm as malicious. It is considered malicious because: - The package...

AI score 7.2
Exploits: 0

NVD
added 2024/05/03 6:15 p.m. | 31 views

CVE-2024-34067

Pterodactyl is a free, open-source game server management panel built with PHP, React, and Go. Importing a malicious egg or gaining access to wings instance could lead to cross site scripting XSS on the panel, which could be used to gain an administrator account on the panel. Specifically, the...

CVSS 6.1 | AI score 6.3 | EPSS 0.00457
Exploits: 0 | References: 4

CVE
added 2024/05/03 5:38 p.m. | 98 views

CVE-2024-34067

CVE-2024-34067 affects the Pterodactyl panel. The issue allows cross-site scripting (XSS) via importing a malicious egg or gaining access to a wings instance, potentially enabling an administrator account takeover. The vulnerability impacts Egg Docker images and Egg variables (Name, Environment v...

CVSS 6.1 | AI score 6 | EPSS 0.00457
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2024/05/03 5:38 p.m. | 37 views

CVE-2024-34067 Multiple cross site scripting (XSS) vulnerabilities in the admin area of Pterodactyl panel

Pterodactyl is a free, open-source game server management panel built with PHP, React, and Go. Importing a malicious egg or gaining access to wings instance could lead to cross site scripting XSS on the panel, which could be used to gain an administrator account on the panel. Specifically, the...

CVSS 6.1 | AI score 6.4 | EPSS 0.00457
Exploits: 0 | References: 4

vulnersOsv
added 2024/04/17 6:21 p.m. | 3 views

@glow-app/glow-react (>=0.6.0 <=1.0.1), @glow-app/solana-client (>=0.5.2 <=1.0.4) +17 more potentially affected by CVE-2024-30253 via @solana/web3.js (>=1.44.0 <=1.44.2)

@solana/web3.js NPM version =1.44.0, =0.6.0, =0.5.2, =1.1.0, =0.1.0, =1.0.5, =4.1.2, =4.1.3, =4.1.3, =0.1.20, =0.2.40, =3.2.0, =0.0.50, =0.1.0, =0.1.2 and more Source cves: CVE-2024-30253 Source advisory: OSV:GHSA-8M45-2RJM-J347...

CVSS 7.5 | AI score 7 | EPSS 0.00593
Exploits: 0

vulnersOsv
added 2024/04/17 6:21 p.m. | 2 views

@dialectlabs/react (>=0.4.8 <=0.5.1) potentially affected by CVE-2024-30253 via @solana/web3.js (=1.38.0)

@solana/web3.js NPM version =1.38.0 is affected by a known vulnerability. The following packages have a transitive dependency on @solana/web3.js and may be impacted: - @dialectlabs/react =0.4.8, =0.5.1 Source cves: CVE-2024-30253 Source advisory: OSV:GHSA-8M45-2RJM-J347...

CVSS 7.5 | AI score 7 | EPSS 0.00593
Exploits: 0

vulnersOsv
added 2024/04/17 6:21 p.m. | 5 views

@jup-ag/core (>=3.0.0-beta.0 <=3.0.0-beta.8-eacba78), @jup-ag/react-hook (>=3.0.0-beta.0 <=3.0.0-beta.8-eacba78) +7 more potentially affected by CVE-2024-30253 via @solana/web3.js (>=1.63.0 <=1.63.1)

@solana/web3.js NPM version =1.63.0, =3.0.0-beta.0, =3.0.0-beta.0, =0.0.1-0d5b39f4.0, =0.0.1-0f199db9.0, =4.0.0-maple-1, =0.1.0, =1.4.8, =1.0.0, =1.7.1-alpha.4 Source cves: CVE-2024-30253 Source advisory: OSV:GHSA-8M45-2RJM-J347...

CVSS 7.5 | AI score 7 | EPSS 0.00593
Exploits: 0

Github Security Blog
added 2024/04/07 9:30 a.m. | 32 views

React Native Sms User Consent Intent Redirection Vulnerability

A vulnerability, which was classified as critical, has been found in kyivstarteam react-native-sms-user-consent up to 1.1.4 on Android. Affected by this issue is the function registerReceiver of the file android/src/main/java/ua/kyivstar/reactnativesmsuserconsent/SmsUserConsentModule.kt. The...

CVSS 5.3 | AI score 7.2 | EPSS 0.0026
Exploits: 0 | References: 7 | Affected Software: 1

OSV
added 2024/04/07 9:15 a.m. | 30 views

CVE-2021-4438

A vulnerability, which was classified as critical, has been found in kyivstarteam react-native-sms-user-consent up to 1.1.4 on Android. Affected by this issue is the function registerReceiver of the file android/src/main/java/ua/kyivstar/reactnativesmsuserconsent/SmsUserConsentModule.kt. The...

CVSS 5.3 | AI score 6.9
Exploits: 0 | References: 5

NVD
added 2024/04/07 9:15 a.m. | 10 views

CVE-2021-4438

A vulnerability, which was classified as critical, has been found in kyivstarteam react-native-sms-user-consent up to 1.1.4 on Android. Affected by this issue is the function registerReceiver of the file android/src/main/java/ua/kyivstar/reactnativesmsuserconsent/SmsUserConsentModule.kt. The...

CVSS 5.3 | AI score 5.3 | EPSS 0.0026
Exploits: 0 | References: 5