72 matches found
browserify-sourcemap-poc
This is a proof-of-concept repository for browserify source mapping. The repository contains an index.js file that reads the contents of three JavaScript files (foo.js, bar.js, and sub/foo.js) and creates a source map for each file. The source map is then used to map the original source code to the...
Linux Distros Unpatched Vulnerability : CVE-2021-23368
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The package postcss from 7.0.0 and before 8.2.10 is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing. (CVE-2021-23368) Note tha...
CVE-2024-38327
IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 is vulnerable to information exposure and further attacks due to an exposed JavaScript source map which could assist an attacker to read and debug JavaScript used in the application's API...
CVE-2024-38327
CVE-2024-38327 affects IBM Analytics Content Hub (versions 2.0–2.3). Affected component is the exposed JavaScript source map, which can enable information disclosure and potentially aid attacks by reading/debugging the API’s JavaScript. The reported impact is information exposure with potential f...
CVE-2024-38327 IBM Analytics Content Hub information disclosure
IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 is vulnerable to information exposure and further attacks due to an exposed JavaScript source map which could assist an attacker to read and debug JavaScript used in the application's API...
Security Bulletin: IBM Analytics Content Hub is affected by security vulnerabilities
Summary: There are vulnerabilities in multiple Open Source Software (OSS) components consumed by IBM Analytics Content Hub. Additionally, IBM Analytics Content Hub is vulnerable to Unrestricted File Upload, Information Disclosure, Java Source Map and Verbose Messaging vulnerabilities. This Security...
PT-2025-29095 · Ibm · Ibm Analytics Content Hub
Name of the Vulnerable Software and Affected Versions: IBM Analytics Content Hub versions 2.0 through 2.3 Description: IBM Analytics Content Hub is susceptible to information disclosure and potential further attacks due to an exposed JavaScript source map. This exposure could allow an attacker to...
MAL-2025-4352 Malicious code in gatsby-plugin-source-map (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cf49f8eebef7efd6ec079a3a0196b2b1eaeaf516da7db094412f8d5080f61f0f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Security Bulletin: IBM Event Endpoint Management is vulnerable to a Directory Traversal (or path traversal) attack (CVE-2024-21540).
Summary Operator of IBM Event Endpoint Management is vulnerable to a Directory Traversal or path traversal attack due to the source-map-support library. It helps to show original source code in error stack traces for better debugging. Vulnerability Details CVEID:CVE-2024-21540 DESCRIPTION: All...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in source-map-support
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of source-map-support. Vulnerability Details CVEID:CVE-2024-21540 DESCRIPTION: All versions of the package source-map-support are vulnerable to Directory Traversal in the retrieveSourceMap function. CWE:CWE-22: Improper...
GHSA-67MH-4WV8-2F99 esbuild enables any website to send any requests to the development server and read the response
Summary: esbuild allows any website to send any request to the development server and read the response due to default CORS settings. Details: esbuild sets the Access-Control-Allow-Origin: * header on all requests, including the SSE connection, which allows any websites to send any request to the...
Security Bulletin: Vulnerability in source-map-support affects IBM watsonx Assistant for IBM Cloud Pak for Data
Summary: A potential vulnerability in all versions of the package source-map-support has been identified that affects IBM watsonx Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2024-21540...
GHSA-49W6-73CW-CHJR Astro's server source code is exposed to the public if sourcemaps are enabled
Summary A bug in the build process allows any unauthenticated user to read parts of the server source code. Details During build, along with client assets such as css and font files, the sourcemap files for the server code are moved to a publicly-accessible folder...
CVE-2024-21540
Rejected reason: This issue is not a vulnerability because no real attack scenario can happen...
CVE-2024-21540
CVE-2024-21540: Directory Traversal in the retrieveSourceMap function of the source-map-support package. Affected IBM products (as per IBM security bulletins) include Instana/Process Mining and IBM Event Processing components, with multiple builds affected. Root cause: improper handling of pathna...