4913 matches found

Github Security Blog
added 2020/09/01 8:33 p.m. | 26 views

Malicious Package in react-server-native

Version 0.0.7 of react-server-native contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 0.0.7 of this module is found installed...

AI score: 6.9
Exploits: 0 | References: 2 | Affected Software: 1

Github Security Blog
added 2020/09/01 8:32 p.m. | 33 views

Malicious Package in react-dates-sc

Version 0.3.0 of react-dates-sc contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 0.3.0 of this module is found installed you...

AI score: 6.9
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2020/09/01 8:32 p.m. | 9 views

GHSA-5645-GC7H-98H8 Malicious Package in react-dates-sc

Version 0.3.0 of react-dates-sc contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 0.3.0 of this module is found installed you...

AI score: 7.1
Exploits: 0 | References: 1

Github Security Blog
added 2020/09/01 7:47 p.m. | 24 views

Malicious Package in awesome_react_utility

Version 1.0.2 of awesome_react_utility contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 1.0.2 of this module is found installed...

AI score: 2.9
Exploits: 0 | References: 3 | Affected Software: 1

vulnersOsv
added 2020/09/01 6:59 p.m. | 4 views

react-cms-editor (=0.1.71) potentially affected by CVE-2017-16080 via nodesass (=0.0.2-security)

nodesass NPM version =0.0.2-security is affected by a known vulnerability. The following packages have a transitive dependency on nodesass and may be impacted: - react-cms-editor =0.1.71 Source cves: CVE-2017-16080 Source advisory: OSV:GHSA-XFMW-2VMM-579C...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.01123
Exploits: 0

Github Security Blog
added 2020/08/05 9:43 p.m. | 67 views

CSRF Vulnerability in polaris-website

Impact CSRF vulnerability: In some very specific circumstances, an attacker would be able to update your settings. Basically you would need to navigate to hackersite.com while logged into our panel. Then they could modify your settings. They couldn't check if it worked, nor could they read your...

AI score: 0.3
Exploits: 0 | References: 7 | Affected Software: 1

vulnersOsv
added 2020/07/30 2:3 p.m. | 3 views

@albalyu/npm-scripts (>=2.0.1 <=2.0.40), @opuscapita/eslint-config-opuscapita-bnapp (>=1.0.1 <=1.0.6) +7 more potentially affected by CVE-2020-36632 via flat (=3.0.0)

flat NPM version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on flat and may be impacted: - @albalyu/npm-scripts =2.0.1, =1.0.1, =2.2.1, =2.0.0, =0.0.1-beta.2, =4.0.1, =0.3.0-beta.16, =0.3.0-beta.83 Source cves: CVE-2020-36632 Source advisory:...

CVSS: 9.8 | AI score: 6.7 | EPSS: 0.01107
Exploits: 0

CNVD
added 2020/07/29 12:0 a.m. | 2 views

react-native-fast-image information disclosure vulnerability

react-native-fast-image is an image loading and processing package by Canadian software developer Dylan Vann. An information disclosure vulnerability exists in react-native-fast-image, which can be exploited by an attacker to cause signature credentials or other session tokens to be disclosed to...

CVSS: 5.3 | AI score: 6.4 | EPSS: 0.01567
Exploits: 1 | References: 1

Tenable Nessus
added 2020/07/28 12:0 a.m. | 44 views

openSUSE Security Update : SUSE Manager Client Tools (openSUSE-2020-1105)

This update fixes the following issues : dracut-saltboot : - Print a list of available disk devices bsc1170824 - Install wipefs to initrd - Force install crypt modules golang-github-prometheus-prometheus : - Update change log and spec file + Modified spec file: default to golang 1.14 to avoid 'ha...

CVSS: 8.2 | AI score: 6.9 | EPSS: 0.99856
Exploits: 6 | References: 22

OSV
added 2020/07/17 10:15 a.m. | 4 views

CVE-2020-7696

This affects all versions of package react-native-fast-image. When an image with source=uri: "...", headers: host: "somehost.com", authorization: "..." is loaded, all other subsequent images will use the same headers, this can lead to signing credentials or other session tokens being leaked to...

CVSS: 5.3 | AI score: 6.1 | EPSS: 0.01567
Exploits: 1 | References: 3

NVD
added 2020/07/17 10:15 a.m. | 16 views

CVE-2020-7696

This affects all versions of package react-native-fast-image. When an image with source=uri: "...", headers: host: "somehost.com", authorization: "..." is loaded, all other subsequent images will use the same headers, this can lead to signing credentials or other session tokens being leaked to...

CVSS: 5.3 | EPSS: 0.01567
Exploits: 1 | References: 3

Prion
added 2020/07/17 10:15 a.m. | 14 views

Authorization

This affects all versions of package react-native-fast-image. When an image with source=uri: "...", headers: host: "somehost.com", authorization: "..." is loaded, all other subsequent images will use the same headers, this can lead to signing credentials or other session tokens being leaked to...

CVSS: 5 | AI score: 5.2 | EPSS: 0.01567
Exploits: 1 | References: 3

Cvelist
added 2020/07/17 9:25 a.m. | 24 views

CVE-2020-7696 Information Exposure

This affects all versions of package react-native-fast-image. When an image with source=uri: "...", headers: host: "somehost.com", authorization: "..." is loaded, all other subsequent images will use the same headers, this can lead to signing credentials or other session tokens being leaked to...

CVSS: 5.3 | AI score: 5.3 | EPSS: 0.01567
Exploits: 1 | References: 3

CVE
added 2020/07/17 9:25 a.m. | 60 views

CVE-2020-7696

The CVE-2020-7696 entry affects all versions of react-native-fast-image. When an image is loaded with headers that include sensitive data (e.g., host and authorization in the request headers), subsequent images reuse those headers, causing potential leakage of signing credentials or session token...

CVSS: 5.3 | AI score: 5.2 | EPSS: 0.01567
Exploits: 1 | References: 3 | Affected Software: 1

vulnersOsv
added 2020/06/12 2:47 p.m. | 4 views

@applicaster/zapp-react-native-fast-image (>=1.0.0 <=1.1.0-beta.0), @momo-platform/component-kits (=1.1.74) +5 more potentially affected by CVE-2020-7696 via react-native-fast-image (>=8.1.2 <=8.2.0)

react-native-fast-image NPM version =8.1.2, =1.0.0, =0.0.1, =0.1.0, =1.2.23 Source cves: CVE-2020-7696 Source advisory: SNYK:JS-REACTNATIVEFASTIMAGE-572228...

CVSS: 5.3 | AI score: 6 | EPSS: 0.01567
Exploits: 1

Snyk
added 2020/06/12 2:47 p.m. | 2 views

Information Exposure

Overview react-native-fast-image is a FastImage, performant React Native image component. Affected versions of this package are vulnerable to Information Exposure. When an image with source=uri: "...", headers: host: "somehost.com", authorization: "..." is loaded, all other subsequent images will...

CVSS: 5.3 | AI score: 6.7 | EPSS: 0.01567
Exploits: 1 | References: 2

vulnersOsv
added 2020/06/10 8:2 p.m. | 6 views

app.io (>=0.0.1 <=0.0.4), feathers-validation (>=0.5.0 <=0.5.1) +6 more potentially affected by CVE-2019-10781 via schema-inspector (>=1.4.2 <=1.6.8)

schema-inspector NPM version =1.4.2, =0.0.1, =0.5.0, =3.8.1, =1.0.2, =1.0.0, =0.2.0, =0.5.0 Source cves: CVE-2019-10781 Source advisory: OSV:GHSA-R24H-634P-M72X...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.01392
Exploits: 0

vulnersOsv
added 2020/06/05 2:47 p.m. | 5 views

@acaciomartins/react-native-simpletable (>=0.0.1 <=0.0.2), @alan-ai/alan-sdk-react-native (>=1.0.4 <=1.0.7) +795 more potentially affected by CVE-2020-8149 via logkitty (>=0.4.2 <=0.6.1)

logkitty NPM version =0.4.2, =0.0.1, =1.0.4, =2.3.3, =2.0.1, =2.0.1758683737, =2.1.87, =1.0.1767254401, =1.3.0, =1.0.1, =1.0.2, =1.1.0 and more Source cves: CVE-2020-8149 Source advisory: OSV:GHSA-V8V8-6859-QXM4...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.0201
Exploits: 1

CNVD
added 2020/06/04 12:0 a.m. | 11 views

WatermelonDB SQL Injection Vulnerability

WatermelonDB is the next generation React database for building powerful React and React Native applications that can scale from hundreds to tens of thousands of records while remaining fast. A SQL injection vulnerability in WatermelonDB versions prior to 0.15.1 and prior to 0.16.2, which stems...

CVSS: 5.9 | AI score: 7.8 | EPSS: 0.00763
Exploits: 0 | References: 1

vulnersOsv
added 2020/05/06 7:32 p.m. | 4 views

@daedalus/angular-handsontable (>=1.0.1 <=1.0.5), @handsontable6/angular (=7.0.0) +20 more potentially affected by CVE-2020-6836 via hot-formula-parser (=2.3.3)

hot-formula-parser NPM version =2.3.3 is affected by a known vulnerability. The following packages have a transitive dependency on hot-formula-parser and may be impacted: - @daedalus/angular-handsontable =1.0.1, =0.1.10, =1.0.2, =1.0.1, =0.1.1, =1.0.0, =1.0.1, =0.1.0, =1.0.1, =0.1.2, =1.0.2 -...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.02107
Exploits: 0