4 matches found
EUVD-2024-2343
Malicious code in bioql PyPI...
@persistr/cli (>=2.7.1 <=2.9.1), spidersharkcli (>=0.0.4 <=0.0.8) potentially affected by CVE-2024-21524 via node-stringbuilder (=2.2.7)
node-stringbuilder NPM version =2.2.7 is affected by a known vulnerability. The following packages have a transitive dependency on node-stringbuilder and may be impacted: - @persistr/cli =2.7.1, =0.0.4, =0.0.8 Source cves: CVE-2024-21524 Source advisory: OSV:GHSA-G533-XQ5W-JMF3...
GHSA-G533-XQ5W-JMF3 node-stringbuilder vulnerable to Out-of-bounds Read
All versions of the package node-stringbuilder are vulnerable to Out-of-bounds Read due to incorrect memory length calculation, by calling ToBuffer, ToString, or CharAt on a StringBuilder object with a non-empty string value input. It's possible to return previously allocated memory, for example,...
OpenJDK: Incomplete checks of StringBuffer and StringBuilder during deserialization (Libraries, 8270392)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability...