4913 matches found
4everland-pinning (>=1.0.4 <=1.0.10), @0x5e/homebridge-tuya-platform (>=1.6.0 <=1.7.0-beta.58) +3245 more potentially affected by CVE-2019-5432 via mqtt-packet (>=6.0.0 <=6.10.0)
mqtt-packet NPM version =6.0.0, =1.0.4, =1.6.0, =1.0.1, =0.2.0, =0.4.19, =0.12.0, =0.1.5, =0.1.8, =0.1.3, =0.12.0, =0.1.0, =0.8.3, =0.12.0, =0.12.0, =0.12.0, =0.14.4 and more Source cves: CVE-2019-5432 Source advisory: OSV:GHSA-WV67-9JQ7-8R69...
Osmedeus - Fully Automated Offensive Security Tool For Reconnaissance And Vulnerability Scanning
Osmedeus lets you automatically run a collection of awesome tools for reconnaissance and vulnerability scanning against the target. How to use: If you have no idea what you are doing, just type the command below or check out the Advanced Usage: ./osmedeus.py -t example.com Installation: git clone...
@anzeblabla/react-native-markdown-editor (>=1.0.3 <=2.1.1), @gorangajic/react-native-markdown (=0.1.1) +22 more potentially affected by CVE-2019-9844 via simple-markdown (>=0.0.9 <=0.4.2)
simple-markdown NPM version =0.0.9, =1.0.3, =1.3.0, =1.0.1, =1.0.4, =2.3.0, =0.1.0, =1.2.0, =2.4.0, =1.2.0, =1.1.0, =1.0.0, =1.10.0 and more Source cves: CVE-2019-9844 Source advisory: OSV:GHSA-QJ3F-9GMQ-FWV5...
GHSA-MVJJ-GQQ2-P4HW Cross-Site Scripting in react-dom
Affected versions of react-dom are vulnerable to Cross-Site Scripting (XSS). The package fails to validate attribute names in HTML tags, which may lead to Cross-Site Scripting in specific scenarios. This may allow attackers to execute arbitrary JavaScript in the victim's browser. To be affected by...
@anujboddu/searchbar (>=2.0.0 <=2.1.1), @dlghq/dialog-components (>=0.146.0 <=0.149.7) +42 more potentially affected by CVE-2018-6341 via react-dom (>=16.1.0 <=16.1.1)
react-dom NPM version =16.1.0, =2.0.0, =0.146.0, =4.0.1, =0.0.7, =1.0.0, =1.0.0, =1.1.0, =1.3.9, =1.1.10, =1.0.6, =0.0.12, =0.1.0, =3.6.3, =3.7.4 and more Source cves: CVE-2018-6341 Source advisory: OSV:GHSA-MVJJ-GQQ2-P4HW...
@activelylearn/react-pdf (=2.5.2), @aglet/components (>=1.3.3 <=2.0.1) +330 more potentially affected by CVE-2018-6341 via react-dom (=16.2.0)
react-dom NPM version =16.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on react-dom and may be impacted: - @activelylearn/react-pdf =2.5.2 - @aglet/components =1.3.3, =0.1.1-alpha.0, =1.0.5, =0.0.1, =0.0.1, =0.1.0, =1.0.0, =1.0.0, =0.1.0, =3.0.4,...
@belong-ui/button (>=0.0.1 <=0.1.4), @belong-ui/checkbox (>=0.0.10 <=0.1.4) +135 more potentially affected by CVE-2018-6341 via react-dom (=16.0.0)
react-dom NPM version =16.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on react-dom and may be impacted: - @belong-ui/button =0.0.1, =0.0.10, =0.0.4, =0.0.6, =0.1.3, =0.0.5, =0.1.1, =0.0.12, =0.0.11, =0.0.7, =0.1.3, =0.0.1, =1.2.7, =1.2.7, =1.2.7,...
@amory/patch-gatsby (>=2018.4.29-8 <=2018.5.11-5), @amory/patches (>=2018.5.11-6 <=2018.5.23-7) +226 more potentially affected by CVE-2018-6341 via react-dom (>=16.3.0 <=16.3.2)
react-dom NPM version =16.3.0, =2018.4.29-8, =2018.5.11-6, =2.0.0-rc.2, =0.0.5, =0.0.1, =1.9.1, =1.3.2, =1.6.0, =1.5.0, =1.5.0, =1.5.0, =1.5.0, =1.3.2, =1.1.0, =1.1.3 and more Source cves: CVE-2018-6341 Source advisory: OSV:GHSA-MVJJ-GQQ2-P4HW...
@akiolabs/analytics (>=0.0.3 <=0.0.4), @akiolabs/app (>=0.0.2 <=0.0.4) +221 more potentially affected by CVE-2018-6341 via react-dom (>=16.4.0 <=16.4.1)
react-dom NPM version =16.4.0, =0.0.3, =0.0.2, =0.0.1, =2018.5.24-0, =2018.6.17-2, =2018.7.11-0, =0.4.1, =0.1.0-latest.1a450bb3, =1.0.0-beta.0, =0.0.2, =0.0.22-alpha.1, =1.1.0, =1.0.0, =1.6.1 and more Source cves: CVE-2018-6341 Source advisory: OSV:GHSA-MVJJ-GQQ2-P4HW...
@enact/cli (>=0.9.6 <=0.9.8), abt.api.web (=0.0.3) +26 more potentially affected by CVE-2018-6342 via react-dev-utils (>=3.0.0 <=3.1.1)
react-dev-utils NPM version =3.0.0, =0.9.6, =4.2.0, =1.5.1, =0.15.0, =0.7.0, =0.7.0, =0.1.0, =0.1.4, =1.9.2, =0.0.1, =0.0.1, =0.0.3 and more Source cves: CVE-2018-6342 Source advisory: OSV:GHSA-29GP-92WP-94Q8...
@5minutes2start/react-scripts (>=1.1.2 <=1.1.4), @biko/react-scripts (>=0.1.0 <=0.4.0) +132 more potentially affected by CVE-2018-6342 via react-dev-utils (>=4.0.0 <=4.2.1)
react-dev-utils NPM version =4.0.0, =1.1.2, =0.1.0, =0.8.12, =0.1.0, =0.0.1, =2.13.0, =2.14.0, =0.2.0, =0.3.0, =0.2.2, =0.2.10-SNAPSHOT.481, =0.2.10-SNAPSHOT.673 - @leizeng/react-scripts-ts =2.13.0 and more Source cves: CVE-2018-6342 Source advisory: OSV:GHSA-29GP-92WP-94Q8...
@yaochuxia/roadhog (=1.0.9), svmx-react-scripts (>=1.1.4 <=1.1.17) +1 more potentially affected by CVE-2018-6342 via react-dev-utils (=2.0.1)
react-dev-utils NPM version =2.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on react-dev-utils and may be impacted: - @yaochuxia/roadhog =1.0.9 - svmx-react-scripts =1.1.4, =0.1.0, =0.1.1 Source cves: CVE-2018-6342 Source advisory:...
@1337lawyers/design (>=0.1.0 <=0.1.38), @9188/w-cli (>=1.0.0 <=1.0.4) +50 more potentially affected by CVE-2018-6342 via react-dev-utils (>=5.0.0 <=5.0.1)
react-dev-utils NPM version =5.0.0, =0.1.0, =1.0.0, =0.4.1, =0.1.0-latest.1a450bb3, =1.0.5, =1.0.0-beta.28, =1.0.1, =1.0.0, =1.0.0, =0.26.4, =0.0.0-legacy, =3.10.0-beta.0, =0.1.0-alpha.0, =2.1.16, =2.3.5 - aqxy-common-ui =0.0.1 and more Source cves: CVE-2018-6342 Source advisory:...
GHSA-29GP-92WP-94Q8 react-dev-utils on Windows vulnerable to Remote Code Execution
react-dev-utils on Windows is vulnerable to remote code execution. Recommendation: Update to one of the following versions, depending on the release line that you are using. - 1.0.4 - 2.0.2 - 3.1.2 - 4.2.2 - 5.0.2 - 6.0.0-next.a671462c...
CVE-2018-6341
React applications which rendered to HTML using the ReactDOMServer API were not escaping user-supplied attribute names at render-time. That lack of escaping could lead to a cross-site scripting vulnerability. This issue affected minor releases 16.0.x, 16.1.x, 16.2.x, 16.3.x, and 16.4.x. It was...
Cross site scripting
React applications which rendered to HTML using the ReactDOMServer API were not escaping user-supplied attribute names at render-time. That lack of escaping could lead to a cross-site scripting vulnerability. This issue affected minor releases 16.0.x, 16.1.x, 16.2.x, 16.3.x, and 16.4.x. It was...
CVE-2018-6342
The CVE-2018-6342 entry concerns react-dev-utils on Windows, where a local webserver accepts commands including one to launch an editor. The input to that command is not properly sanitized, enabling an attacker who can issue a network request (via CSRF or direct request) to execute arbitrary comm...