4913 matches found

Source: vulnersOsv
Added: 2022/02/10 11:46 p.m. (2 views)

matrix-react-skin (>=0.0.1 <=0.0.2), vector-web (=0.3.0) potentially affected by CVE-2021-32622 via matrix-react-sdk (>=0.0.1 <=0.2.0)

matrix-react-sdk NPM version =0.0.1, =0.0.1, =0.0.2 - vector-web =0.3.0 Source cves: CVE-2021-32622 Source advisory: OSV:GHSA-CG57-P69R-3M7P...

CVSS 7.8 | AI score 7.1 | EPSS 0.00373
Exploits: 0

Source: OSV
Added: 2022/02/10 11:46 p.m. (21 views)

GHSA-CG57-P69R-3M7P Improper file handling in matrix-react-sdk

Matrix-React-SDK is a react-based SDK for inserting a Matrix chat/voip client into a web page. Before version 3.21.0, when uploading a file, the local file preview can lead to execution of scripts embedded in the uploaded file. This can only occur after several user interactions to open the previ...

CVSS 4.2 | AI score 7.4 | EPSS 0.00373
Exploits: 0 | References: 4

Source: Github Security Blog
Added: 2022/02/10 11:46 p.m. (42 views)

Improper file handling in matrix-react-sdk

Matrix-React-SDK is a react-based SDK for inserting a Matrix chat/voip client into a web page. Before version 3.21.0, when uploading a file, the local file preview can lead to execution of scripts embedded in the uploaded file. This can only occur after several user interactions to open the previ...

CVSS 7.8 | AI score 2.2 | EPSS 0.00373
Exploits: 0 | References: 5 | Affected software: 1

Source: Prion
Added: 2022/01/28 10:15 p.m. (26 views)

Code injection

Next.js is a React framework. Starting with version 12.0.0 and prior to version 12.0.9, vulnerable code could allow a bad actor to trigger a denial of service attack for anyone using i18n functionality. In order to be affected by this CVE, one must use next start or a custom server and the built-...

CVSS 4.3 | AI score 7.6 | EPSS 0.02153
Exploits: 0 | References: 3 | Affected software: 1

Source: Cvelist
Added: 2022/01/28 10:00 p.m. (25 views)

CVE-2022-21721 DOS Vulnerability in next.js

Next.js is a React framework. Starting with version 12.0.0 and prior to version 12.0.9, vulnerable code could allow a bad actor to trigger a denial of service attack for anyone using i18n functionality. In order to be affected by this CVE, one must use next start or a custom server and the built-...

CVSS 5.9 | AI score 7.7 | EPSS 0.02153
Exploits: 0 | References: 3

Source: OSV
Added: 2022/01/28 10:00 p.m. (57 views)

CVE-2022-21721 DOS Vulnerability in next.js

Next.js is a React framework. Starting with version 12.0.0 and prior to version 12.0.9, vulnerable code could allow a bad actor to trigger a denial of service attack for anyone using i18n functionality. In order to be affected by this CVE, one must use next start or a custom server and the built-...

CVSS 5.9 | AI score 7.6 | EPSS 0.02153
Exploits: 0 | References: 5

Source: CVE
Added: 2022/01/28 10:00 p.m. (107 views)

CVE-2022-21721

Next.js (React framework) versions 12.0.0 through before 12.0.9 are affected by a DoS vulnerability in the built-in i18n support when using next start or a custom server. Affected deployments exclude those on Vercel or similar filtered environments. A patch exists: [email protected]. Workaround: block ...

CVSS 7.5 | AI score 6.6 | EPSS 0.02153
Exploits: 0 | References: 3 | Affected software: 1

Source: vulnersOsv
Added: 2022/01/21 11:52 p.m. (1 view)

@loopspeed/epubjs-rn (>=0.2.38 <=0.2.77), @muriloneo/epubjs-rn (=0.2.37) +8 more potentially affected by CVE-2021-33040 via epubjs (>=0.2.21 <=0.3.88)

epubjs NPM version =0.2.21, =0.2.38, =0.3.25, =0.2.33, =0.2.5, =0.1.0, =0.0.9, =0.2.37, =0.13.1, =0.13.2 - unext-epub-viewer =1.0.0 Source cves: CVE-2021-33040 Source advisory: OSV:GHSA-C6RP-XVQV-MWMF...

CVSS 6.1 | AI score 6.3 | EPSS 0.00937
Exploits: 0

Source: CNNVD
Added: 2022/01/15 12:00 a.m. (4 views)

Facebook Hermes Security Vulnerability

Facebook Hermes is a JavaScript engine from Facebook Inc. in the United States. The engine is targeted at React Native apps to improve the performance of mobile client apps, but not server-side infrastructures such as browsers & Node.js. A security vulnerability exists in Facebook Hermes, which...

CVSS 9.8 | AI score 8.4 | EPSS 0.0126
Exploits: 0 | References: 1

Source: Rapid7 Blog
Added: 2022/01/14 7:00 p.m. (18 views)

7Rapid Questions: Stephen Donnelly

At Rapid7, there's no shortage of passionate leaders looking to challenge convention and make an impact. Our "7Rapid Questions" series is a way to highlight some of the amazing work taking place behind the scenes, and the exciting growth opportunities available in our global offices. For this...

Exploits: 0

Source: vulnersOsv
Added: 2021/12/16 2:33 p.m. (2 views)

react-here-map-interactive (>=0.0.1 <=0.9.2) potentially affected by CVE-2021-23700 via merge-deep2 (=3.0.6)

merge-deep2 NPM version =3.0.6 is affected by a known vulnerability. The following packages have a transitive dependency on merge-deep2 and may be impacted: - react-here-map-interactive =0.0.1, =0.9.2 Source cves: CVE-2021-23700 Source advisory: OSV:GHSA-J28Q-P8WW-CP87...

CVSS 9.8 | AI score 7.2 | EPSS 0.01171
Exploits: 1

Source: OSV
Added: 2021/12/13 9:15 p.m. (18 views)

CVE-2021-24045

A type confusion vulnerability could be triggered when resolving the "typeof" unary operator in Facebook Hermes prior to v0.10.0. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected...

CVSS 9.8 | AI score 6.9 | EPSS 0.01212
Exploits: 0 | References: 2

Source: Prion
Added: 2021/12/13 9:15 p.m. (16 views)

Type confusion

A type confusion vulnerability could be triggered when resolving the "typeof" unary operator in Facebook Hermes prior to v0.10.0. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected...

CVSS 6.8 | AI score 9.2 | EPSS 0.01212
Exploits: 0 | References: 2 | Affected software: 1

Source: CNNVD
Added: 2021/12/13 12:00 a.m. (3 views)

Facebook Hermes Security Vulnerability

Facebook Hermes is a JavaScript engine from Facebook Inc. in the United States. The engine is targeted at React Native applications to improve the performance of mobile client apps, but not server-side infrastructures such as browsers & Node.js. A security vulnerability exists in Facebook Hermes...

CVSS 9.8 | AI score 8.3 | EPSS 0.01212
Exploits: 0 | References: 3

Source: vulnersOsv
Added: 2021/12/10 6:58 p.m. (1 view)

192.168.0.172 (=4.6.1), @attivio/suit (>=0.0.47 <=1.0.7) +76 more potentially affected by CVE-2021-23398 via react-bootstrap-table (>=1.6.2 <=4.3.1)

react-bootstrap-table NPM version =1.6.2, =0.0.47, =1.0.0, =0.3.1, =0.1.1, =1.21.0, =0.15.0-beta-1, =0.0.1, =1.14.3, =1.0.1, =1.0.70 and more Source cves: CVE-2021-23398 Source advisory: OSV:GHSA-2589-W6XF-983R...

CVSS 6.1 | AI score 6.3 | EPSS 0.01341
Exploits: 1

Source: OSV
Added: 2021/12/10 6:58 p.m. (3 views)

GHSA-2589-W6XF-983R Cross-site scripting in react-bootstrap-table

All versions of package react-bootstrap-table are vulnerable to Cross-site Scripting XSS via the dataFormat parameter. The problem is triggered when an invalid React element is returned, leading to dangerouslySetInnerHTML being used, which does not sanitize the output...

CVSS 6.1 | AI score 5.9 | EPSS 0.01341
Exploits: 1 | References: 5

Source: Github Security Blog
Added: 2021/12/10 6:58 p.m. (90 views)

Cross-site scripting in react-bootstrap-table

All versions of package react-bootstrap-table are vulnerable to Cross-site Scripting XSS via the dataFormat parameter. The problem is triggered when an invalid React element is returned, leading to dangerouslySetInnerHTML being used, which does not sanitize the output...

CVSS 6.1 | AI score 2.4 | EPSS 0.01341
Exploits: 1 | References: 6 | Affected software: 1

Source: NVD
Added: 2021/12/10 12:15 a.m. (20 views)

CVE-2021-43803

Next.js is a React framework. In versions of Next.js prior to 12.0.5 or 11.1.3, invalid or malformed URLs could lead to a server crash. In order to be affected by this issue, the deployment must use Next.js versions above 11.1.0 and below 12.0.5, Node.js above 15.0.0, and next start or a custom...

CVSS 7.5 | EPSS 0.44824
Exploits: 0 | References: 5

Source: OSV
Added: 2021/12/10 12:15 a.m. (17 views)

CVE-2021-43803

Next.js is a React framework. In versions of Next.js prior to 12.0.5 or 11.1.3, invalid or malformed URLs could lead to a server crash. In order to be affected by this issue, the deployment must use Next.js versions above 11.1.0 and below 12.0.5, Node.js above 15.0.0, and next start or a custom...

CVSS 7.5 | AI score 7.5
Exploits: 0 | References: 5

Source: Prion
Added: 2021/12/10 12:15 a.m. (22 views)

Code injection

Next.js is a React framework. In versions of Next.js prior to 12.0.5 or 11.1.3, invalid or malformed URLs could lead to a server crash. In order to be affected by this issue, the deployment must use Next.js versions above 11.1.0 and below 12.0.5, Node.js above 15.0.0, and next start or a custom...

CVSS 4.3 | AI score 7.5 | EPSS 0.44824
Exploits: 0 | References: 5 | Affected software: 1