80 matches found
Cesanta MJS security vulnerability
Cesanta MJS is an embedded JavaScript engine for C/C++ from Cesanta Ireland. It is designed for microcontrollers with limited resources. The main design goals are a small footprint and simple C/C++ interoperability. Cesanta MJS has a security vulnerability that stems from Cesanta MJS v2.20.0 was...
Code Injection in storybookjs/telejson
✍️ Description telejson is a library for teleporting rich data to another place. The telejson.reviver which is used to parse string data back to json structure can be abused to execute arbitrary code when the lazyEval option is set to false i.e., disabled. The root cause is the attackers can...
@amoy/query-components (>=1.0.0 <=1.0.8), @cortezaproject/corteza-ext-renderer (>=2020.3.0 <=2020.12.0) +46 more potentially affected by CVE-2021-23346 via html-parse-stringify (>=1.0.1 <=1.0.3)
html-parse-stringify NPM version =1.0.1, =1.0.0, =2020.3.0, =2020.3.0-rc.8, =0.3.0, =4.0.0, =2.0.7, =4.0.22, =3.0.4, =14.10.3, =1.0.0, =1.0.0, =6.9.17, =1.0.0, =3.0.0-rc.2 and more Source cves: CVE-2021-23346 Source advisory: OSV:GHSA-545Q-3FG6-48M7...
GHSA-545Q-3FG6-48M7 html-parse-stringify and html-parse-stringify2 vulnerable to Regular expression denial of service (ReDoS)
This affects the package html-parse-stringify before 2.0.1; all versions of package html-parse-stringify2. Sending certain input could cause one of the regular expressions that is used for parsing to backtrack, freezing the process...
html-parse-stringify and html-parse-stringify2 vulnerable to Regular expression denial of service (ReDoS)
This affects the package html-parse-stringify before 2.0.1; all versions of package html-parse-stringify2. Sending certain input could cause one of the regular expressions that is used for parsing to backtrack, freezing the process...
CVE-2021-23346
This affects the package html-parse-stringify before 2.0.1; all versions of package html-parse-stringify2. Sending certain input could cause one of the regular expressions that is used for parsing to backtrack, freezing the process...
CVE-2021-23346
CVE-2021-23346 affects Node.js packages html-parse-stringify and html-parse-stringify2. The vulnerability is a Regular Expression DoS (ReDoS) due to backtracking in parsing regex, which can cause the process to freeze and lead to a denial of service. IBM IBM Cloud Pak for Security CP4S versions 1...
CVE-2021-23346 Regular Expression Denial of Service (ReDoS)
This affects the package html-parse-stringify before 2.0.1; all versions of package html-parse-stringify2. Sending certain input could cause one of the regular expressions that is used for parsing to backtrack, freezing the process...
html-parse-stringify security vulnerability
Henrik Joreteg html-parse-stringify is an open source application by Henrik Joreteg. It provides a way to quickly parse HTML into an AST and stringify it to a raw string. A security vulnerability exists in html-parse-stringify before 2.0.1, which stems from the fact that sending certain inputs ma...
Regular Expression Denial of Service (ReDoS)
Overview html-parse-stringify is a https://github.com/henrikjoreteg/html-parse-stringify Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). Sending certain input could cause one of the regular expressions that is used for parsing to backtrack, freezing...
4talent-questions-shortlist (=1.3.3), @42.nl/ui (>=1.0.7 <=1.0.9) +625 more potentially affected by CVE-2021-23346 via html-parse-stringify2 (=2.0.1)
html-parse-stringify2 NPM version =2.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on html-parse-stringify2 and may be impacted: - 4talent-questions-shortlist =1.3.3 - @42.nl/ui =1.0.7, =5.0.1, =0.1.0, =1.0.0, =0.2.0-alpha.1, =0.1.2, =0.9.9, =0.9.9,...
Regular Expression Denial of Service (ReDoS)
Overview html-parse-stringify2 is a This is a fork of html-parse-stringify Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). Sending certain input could cause one of the regular expressions that is used for parsing to backtrack, freezing the process...
CVE-2020-24348
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_json_stringify_iterator in njs_json.c...
Node.js third-party modules: Server Side JavaScript Code Injection
I would like to report a Service Side JavaScript Code Injection in fastify. It allows an attacker that can control a single property name in the serialization schema to achieve Remote Command Execution in the context of the web server. Module module name: fastify version: 2.2.0 npm page:...
CVE-2016-10222
runtime/JSONObject.cpp in JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (segmentation violation and application crash) via crafted JavaScript code that triggers a "type confusion" in the JSON.stringify function...
Fedora Update for nodejs-json-stringify-safe FEDORA-2013-11780
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for nodejs-json-stringify-safe FEDORA-2013-11780
Check for the Version of nodejs-json-stringify-safe OpenVAS Vulnerability Test Fedora Update for nodejs-json-stringify-safe FEDORA-2013-11780 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...
Mozilla use-after-free error in JSON.stringify (MFSA2011-03)
Use-after-free vulnerability in the JSON.stringify method in js3250.dll in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via unspecified vectors related to the js_HasOwnProperty function and garbage...