Code injection
The package postcss from 7.0.0 and before 8.2.10 is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing...
CVE-2021-23368
The package postcss from 7.0.0 and before 8.2.10 is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing...
UBUNTU-CVE-2021-23368
The package postcss from 7.0.0 and before 8.2.10 is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing...
CVE-2021-23368 Regular Expression Denial of Service (ReDoS)
The package postcss from 7.0.0 and before 8.2.10 is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing...
CVE-2021-23368
The package postcss from 7.0.0 and before 8.2.10 is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing...
CVE-2021-23368
The package postcss from 7.0.0 and before 8.2.10 is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing...
Regular Expression Denial of Service (ReDoS)
Overview: postcss (PostCSS) is a tool for transforming styles with JS plugins. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing. PoC: var postcss = require("postcss"); function build_attack(n) { var ret = "a/ sourceMappingURL="; for...
Trint Ltd: Insecure Zendesk SSO implementation by generating JWT client-side
Summary: app.trint.com implements SSO to Zendesk using JWT, as described at https://support.zendesk.com/hc/en-us/articles/203663816-Enabling-JWT-JSON-Web-Token-single-sign-on. This functionality has not been implemented securely because the JWT generation happens on the client side...
macOS < 10.14.3 / iOS < 12.1.3 XNU - 'vm_map_copy' Optimization which Requires Atomicity isn't Atomic
vm_map_copyin_internal in vm_map.c converts a region of a vm_map into "copied in" form, constructing a vm_map_copy structure representing the copied memory, which can then be mapped into another vm_map or the same one. The function contains a while loop which walks through each of the vm_map_entry...
Information Disclosure
gatsby is vulnerable to information disclosure. Absolute paths of the build machine can be leaked in the source map files when gatsby build scripts are executed, exposing sensitive information such as the current user name...
HackerOne: Minor Bug: Public un-compiled CSS with original sass, versioning, source map, comments, etc.
A stylesheet is available in a non-minified, non-compiled format. It includes sass, versioning, a source map, a style guide, comments, etc. see base64 encoded string at the very end of the document. https://hackerone.com/assets/application.css This alone is obviously not an exploit. However, it c...