16 matches found
AZL-71131 CVE-2025-66030 affecting package reaper for versions less than 3.1.1-21
Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be...
AZL-71125 CVE-2025-12816 affecting package reaper for versions less than 3.1.1-21
An interpretation-conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions...
CBL Mariner 2.0 Security Update: reaper (CVE-2025-48387)
The version of reaper installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-48387 advisory. - tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.0.9, 2.1.3, and 1.16.5 have an issue...
CVE-2024-6484 affecting package reaper for versions less than 3.1.1-19
CVE-2024-6484 affecting package reaper for versions less than 3.1.1-19. A patched version of the package is available...
CBL Mariner 2.0 Security Update: reaper (CVE-2024-12905)
The version of reaper installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-12905 advisory. - An Improper Link Resolution Before File Access (Link Following) and Improper Limitation of a Pathname to a...
CBL Mariner 2.0 Security Update: reaper (CVE-2024-52798)
The version of reaper installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-52798 advisory. - path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a...
Azure Linux 3.0 Security Update: ntopng / reaper (CVE-2017-18214)
The version of ntopng / reaper installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2017-18214 advisory. - The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via ...
AZL-54020 CVE-2024-52798 affecting package reaper for versions less than 3.1.1-16
path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path-to-regexp. Upgra...
CBL Mariner 2.0 Security Update: reaper (CVE-2020-28458)
The version of reaper installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-28458 advisory. - All versions of package datatables.net are vulnerable to Prototype Pollution due to an incomplete fix for...
AZL-50114 CVE-2024-47764 affecting package reaper for versions less than 3.1.1-13
cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. A similar escape can be used for path and domain, which could be abused to alter other fields of the cookie. Upgrade to...
CBL Mariner 2.0 Security Update: reaper (CVE-2024-42459)
The version of reaper installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-42459 advisory. - In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing...
AZL-47421 CVE-2024-42459 affecting package reaper for versions less than 3.1.1-11
In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended...
AZL-42034 CVE-2024-4068 affecting package reaper for versions less than 3.1.1-9
The NPM package braces, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In lib/parse.js, if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program to start allocating...
AZL-34439 CVE-2023-42282 affecting package reaper for versions less than 3.1.1-10
The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses such as 0x7f.1 are improperly categorized as globally routable via isPublic...
AZL-27653 CVE-2020-24025 affecting package reaper for versions less than 3.1.1-9
Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path...
AZL-32178 CVE-2017-18214 affecting package reaper for versions less than 3.1.1-10
The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055...