4913 matches found
CVE-2021-41129
CVE-2021-41129 affects Pterodactyl Panel. A validation flaw in the two‑factor authentication flow (LoginCheckpointController@__invoke) allows a malicious user to alter the confirmation_token to reference a cache entry containing a user_id, potentially authenticating as an arbitrary user with two‑...
Wrong index when accessing incentives
Handle: pauliax. Vulnerability details. Impact: Should be incentiveId, not positionId here: Incentive memory incentive = incentives[pool][positionId]; Recommended Mitigation Steps: Incentive memory incentive = incentives[pool][incentiveId];
react-here-map-interactive (>=0.0.1 <=0.9.2) potentially affected by CVE-2021-23700 via merge-deep2 (=3.0.6)
merge-deep2 NPM version =3.0.6 is affected by a known vulnerability. The following packages have a transitive dependency on merge-deep2 and may be impacted: - react-here-map-interactive >=0.0.1, <=0.9.2 Source cves: CVE-2021-23700 Source advisory: SNYK:JS-MERGEDEEP2-1727593...
Missing timelock for critical contract setters of privileged roles
Handle: 0xRajeev. Vulnerability details. Impact: Setter functions for critical protocol parameters accessible only by privileged roles e.g. onlyOwner should consider adding timelocks so that users and other privileged roles in the case of a multiSig can detect upcoming changes and have the time to...
@codedungeon/gunner (>=0.38.0 <=0.80.1), @codedungeon/laravel-versions-cli (=0.1.0) +22 more potentially affected by CVE-2021-3807 via ansi-regex (>=4.0.0 <=4.1.0)
ansi-regex NPM version =4.0.0, =0.38.0, =0.0.65, =0.0.0, =0.0.41, =0.0.12, =0.0.0, =0.2.0, =3.3.69, =0.0.3, =0.2.11, =5.1.0, =4.0.58, =3.0.58, =6.0.17, =6.1.110 and more Source cves: CVE-2021-3807 Source advisory: OSV:GHSA-93Q8-GQ69-WQMW...
-react-file-list-components (=1.1.1), 01basicreact (>=0.1.0 <=0.1.9) +38843 more potentially affected by CVE-2021-3757 via immer (>=7.0.0 <=9.0.5)
immer NPM version =7.0.0, =0.1.0, =0.1.0, =0.1.6 - 0beny1s =1.1.6 - 0i0 =1.0.10 - 0scarclassa =1.0.1 - 0scarclassb =1.0.1 - 0scarclassc =1.0.1 - 0scarclassd =1.0.1 - 0scarclasse =1.0.1 - 0scarclassf =1.0.1 - 0scarclassg =1.0.1 - 0scarclassh =1.0.1 - 0scarclassi =1.0.1 - 0scarclassj =1.0.1 and mor...
-react-file-list-components (=1.1.1), 01basicreact (>=0.1.0 <=0.1.9) +38843 more potentially affected by CVE-2021-23436 via immer (>=7.0.0 <=9.0.5)
immer NPM version =7.0.0, =0.1.0, =0.1.0, =0.1.6 - 0beny1s =1.1.6 - 0i0 =1.0.10 - 0scarclassa =1.0.1 - 0scarclassb =1.0.1 - 0scarclassc =1.0.1 - 0scarclassd =1.0.1 - 0scarclasse =1.0.1 - 0scarclassf =1.0.1 - 0scarclassg =1.0.1 - 0scarclassh =1.0.1 - 0scarclassi =1.0.1 - 0scarclassj =1.0.1 and mor...
@breautek/storm (>=2.0.0 <=3.0.0-rc.0), create-react-solution (>=1.2.0 <=4.4.1) +2 more potentially affected by CVE-2021-23421 via merge-change (>=1.5.3 <=1.8.1)
merge-change NPM version =1.5.3, =2.0.0, =1.2.0, =1.5.0, =4.0.0, =4.4.1 Source cves: CVE-2021-23421 Source advisory: OSV:GHSA-F9CV-665R-275H...
CVE-2021-39178
Next.js is a React framework. Versions of Next.js between 10.0.0 and 11.0.0 contain a cross-site scripting vulnerability. In order for an instance to be affected by the vulnerability, the next.config.js file must have images.domains array assigned and the image host assigned in images.domains mus...
Cross site scripting
Next.js is a React framework. Versions of Next.js between 10.0.0 and 11.0.0 contain a cross-site scripting vulnerability. In order for an instance to be affected by the vulnerability, the next.config.js file must have images.domains array assigned and the image host assigned in images.domains mus...
CVE-2021-39178 XSS in Image Optimization API for Next.js versions between 10.0.0 and 11.1.0
Next.js is a React framework. Versions of Next.js between 10.0.0 and 11.0.0 contain a cross-site scripting vulnerability. In order for an instance to be affected by the vulnerability, the next.config.js file must have images.domains array assigned and the image host assigned in images.domains mus...
CVE-2021-39178
Concisely, CVE-2021-39178 affects Next.js when using versions 10.0.0–11.0.0 and the next.config.js images.domains array includes a host that can serve user-provided SVGs. If images.loader is not the default or the app runs on Vercel, the vulnerability does not apply. The vulnerability is a cross-...
Fedora: Security Advisory for rust-tui-react (FEDORA-2021-3cf88e44b4)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
-react-file-list-components (=1.1.1), 01basicreact (>=0.1.0 <=0.1.9) +38843 more potentially affected by CVE-2020-28477 +1 more via immer (>=7.0.0 <=9.0.5)
immer NPM version =7.0.0, =0.1.0, =0.1.0, =0.1.6 - 0beny1s =1.1.6 - 0i0 =1.0.10 - 0scarclassa =1.0.1 - 0scarclassb =1.0.1 - 0scarclassc =1.0.1 - 0scarclassd =1.0.1 - 0scarclasse =1.0.1 - 0scarclassf =1.0.1 - 0scarclassg =1.0.1 - 0scarclassh =1.0.1 - 0scarclassi =1.0.1 - 0scarclassj =1.0.1 and mor...
Open Redirect in Next.js
Next.js is an open source website development framework to be used with the React library. In affected versions specially encoded paths could be used when pages/_error.js was statically generated, allowing an open redirect to occur to an external site. In general, this redirect does not directly...
GHSA-VXF5-WXWP-M7G9 Open Redirect in Next.js
Next.js is an open source website development framework to be used with the React library. In affected versions specially encoded paths could be used when pages/_error.js was statically generated, allowing an open redirect to occur to an external site. In general, this redirect does not directly...
CVE-2021-37699
Next.js is an open source website development framework to be used with the React library. In affected versions specially encoded paths could be used when pages/_error.js was statically generated allowing an open redirect to occur to an external site. In general, this redirect does not directly ha...
CVE-2021-37699
CVE-2021-37699 affects Next.js (open source framework for React). The vulnerability arises when pages/_error.js is statically generated in affected versions, enabling an open redirect to an attacker-controlled site. The issue is documented as open redirect in multiple sources (NVD/NVD-derived adv...
@2600hz/sds-react-native-components (>=0.1.0 <=1.8.1), @abdur-rakib/react-native-button (>=0.0.1 <=0.0.3) +624 more potentially affected by CVE-2020-1920 via react-native (>=0.63.0 <=0.64.0)
react-native NPM version =0.63.0, =0.1.0, =0.0.1, =0.1.0, =2.5.0, =0.0.1, =1.0.0, =1.0.1, =1.1.4, =1.0.0, =1.0.4, =1.0.3, =3.0.0, =1.2.1, =1.0.0, =1.0.3 and more Source cves: CVE-2020-1920 Source advisory: OSV:GHSA-7F53-FMMV-MFJV...