2 matches found
BIT-NODE-MIN-2022-32212
A OS Command Injection vulnerability exists in Node.js versions 14.20.0, 16.20.0, 18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks...
CVE-2024-4354
CVE-2024-4354 concerns the WordPress plugin TablePress (