CVE-2021-43803

CVE-2021-43803 affects Next.js (a React framework) where invalid or malformed URLs could crash the server in specific deployments. The issue applies to Next.js versions below 12.0.5 and above 11.1.0, with Node.js > 15.0.0, when using next start or a custom server. Deployments on Vercel and sim...

@adobe/parliament-ui-components (>=4.6.0 <=5.2.5), @apibrew/app (>=1.0.22 <=1.0.23) +44 more potentially affected by unknown CVE via swagger-ui-react (>=3.25.0 <=4.19.1)

swagger-ui-react NPM version =3.25.0, =4.6.0, =1.0.22, =1.0.12, =1.0.0, =1.0.22, =1.0.25, =0.0.0-nightly-2020972106, =0.1.1-alpha.19, =0.2.0-alpha.3, =1.0.1, =1.1.0, =0.0.1, =0.0.2, =2.0.0-table.6 and more Source cves: unknown CVE Source advisory: OSV:GHSA-QRMM-W75W-3WPX...

Unexpected server crash in Next.js.

Next.js is a React framework. In versions of Next.js prior to 12.0.5 or 11.1.3, invalid or malformed URLs could lead to a server crash. In order to be affected by this issue, the deployment must use Next.js versions above 11.1.0 and below 12.0.5, Node.js above 15.0.0, and next start or a custom...

Cross-site Scripting (XSS) - Generic in uiwjs/react-md-editor

Description XSS vulnerability through the markdown editor Proof of Concept Steps to Reproduce Visit the demo page. Past the payload in the markdown editor. Impact - Steal a user's token - Session hijacking...

react-chat-widget-all-dream (>=2.1.6 <=2.3.1) potentially affected by CVE-2021-43785 via @joeattardi/emoji-button (=2.12.1)

@joeattardi/emoji-button NPM version =2.12.1 is affected by a known vulnerability. The following packages have a transitive dependency on @joeattardi/emoji-button and may be impacted: - react-chat-widget-all-dream =2.1.6, =2.3.1 Source cves: CVE-2021-43785 Source advisory: OSV:GHSA-F34M-X9PJ-62VQ...

CVE-2021-41273

Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. Due to improperly configured CSRF protections on two routes, a malicious user could execute a CSRF-based attack against the following endpoints: Sending a test email and Generating a node auto-deployment...

CVE-2021-41273

Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. Due to improperly configured CSRF protections on two routes, a malicious user could execute a CSRF-based attack against the following endpoints: Sending a test email and Generating a node auto-deployment...

Cross site request forgery (csrf)

Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. Due to improperly configured CSRF protections on two routes, a malicious user could execute a CSRF-based attack against the following endpoints: Sending a test email and Generating a node auto-deployment...

CVE-2021-41273

CVE-2021-41273 affects the Pterodactyl panel where CSRF protections on two routes were improperly configured, allowing a CSRF attack that could trigger: (1) sending a test email and (2) generating a node auto-deployment token. No data exfiltration is described; impact is unsolicited emails or tok...

CVE-2021-41273 Cross-Site Request Forgery allowing sending of test emails and generation of node auto-deployment keys

Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. Due to improperly configured CSRF protections on two routes, a malicious user could execute a CSRF-based attack against the following endpoints: Sending a test email and Generating a node auto-deployment...

Cross-site Scripting (XSS)

graphql-playground-react is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization in Properties.html allowing an attacker to inject and execute malicious javascript...

@graphql-mesh/cli (>=0.12.0 <=0.19.2), @graphql-mesh/container (>=0.0.4 <=0.0.6) potentially affected by CVE-2021-41248 +1 more via graphql-playground-react (=1.7.27)

graphql-playground-react NPM version =1.7.27 is affected by a known vulnerability. The following packages have a transitive dependency on graphql-playground-react and may be impacted: - @graphql-mesh/cli =0.12.0, =0.0.4, =0.0.6 Source cves: CVE-2021-41248, CVE-2021-41249 Source advisory:...

CVE-2021-41249 XSS vulnerability in GraphQL Playground

GraphQL Playground is a GraphQL IDE for development of graphQL focused applications. All versions of graphql-playground-react older than [email protected] are vulnerable to compromised HTTP schema introspection responses or schema prop values with malicious GraphQL type names,...

CVE-2021-41176

Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. In affected versions of Pterodactyl a malicious user can trigger a user logout if a signed in user visits a malicious website that makes a request to the Panel's sign-out endpoint. This requires a targeted...

CVE-2021-41176

Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. In affected versions of Pterodactyl a malicious user can trigger a user logout if a signed in user visits a malicious website that makes a request to the Panel's sign-out endpoint. This requires a targeted...

CVE-2021-41176

CVE-2021-41176 describes a cross-site request forgery (CSRF) vulnerability in Pterodactyl Panel where a signed-in user can be logged out if they visit a malicious site that makes a request to the Panel’s sign-out endpoint. This requires targeting a specific Panel instance and only signs the user ...

CVE-2021-41176 logout CSRF in Pterodactyl Panel

Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. In affected versions of Pterodactyl a malicious user can trigger a user logout if a signed in user visits a malicious website that makes a request to the Panel's sign-out endpoint. This requires a targeted...

Security Bulletin: Vulnerabilities in Urllib3 and react-bootstrap-table affect IBM Spectrum Discover.

Summary Vulnerabilities in Urllib3 and react-bootstrap-table such as problems on the regular expression cause denial of service, improper validations in parameters and problems related to cross-site scripting, may affect IBM Spectrum Discover. Vulnerability Details CVEID: CVE-2021-33503...

Evernote: 2 click Remote Code execution in Evernote Android

This vulnerability is similar to my previous reported vulnerability 1362313 , in here also weakness is path transversal vulnerability which helps me to acheive code execution but the root cause is different. some part of this app is written in java and some parts are written in react native. In...

0.8.18-p11 (=0.8.18-p12), @msvx/component (>=1.0.1 <=1.2.2) +24 more potentially affected by CVE-2021-42227 via kindeditor (=4.1.10)

kindeditor NPM version =4.1.10 is affected by a known vulnerability. The following packages have a transitive dependency on kindeditor and may be impacted: - 0.8.18-p11 =0.8.18-p12 - @msvx/component =1.0.1, =0.0.1, =0.2.3, =0.1.1, =0.0.1, =0.0.3-p12, =4.1.9, =1.3.50, =1.0.0, =0.0.1, =0.2.49,...