2 matches found
CRLF Injection
Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to CRLF Injection via the downloadICS.php process. An attacker can inject arbitrary calendar events and spoof event details by supplying specially crafted input...
Arbitrary Code Execution
Overview safer-eval is a safer approach for eval in node and browser. Affected versions of this package are vulnerable to Arbitrary Code Execution via generating a RangeError: Maximum call stack size exceeded. PoC by Jonathan Leitschuh const theFunction = function const f = Buffer.prototype.write...