AZL-49126 CVE-2024-45590 affecting package reaper for versions less than 3.1.1-13

body-parser is Node.js body parsing middleware. body-parser 1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue is patched in...

AZL-31719 CVE-2023-46234 affecting package reaper for versions less than 3.1.1-9

browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in dsaVerify function allows an attacker to construct signatures that can be successfully verified by any...

AZL-70994 CVE-2018-19797 affecting package reaper for versions less than 3.1.1-21

In LibSass 3.5.5, a NULL Pointer Dereference in the function Sass::SelectorList::populateextends in SharedPtr.hpp used by ast.cpp and astselectors.cpp may cause a Denial of Service application crash via a crafted sass input file...