4 matches found
EUVD-2006-3043
Malware in sbrugna...
3nit-components (>=0.0.2 <=0.0.4), 3nit-utils (>=0.3.0 <=0.23.0) +1573 more potentially affected by unknown CVE via subtext (>=1.1.1 <=6.0.12)
subtext NPM version =1.1.1, =0.0.2, =0.3.0, =1.0.0, =1.16.0, =1.16.0, =1.16.0, =1.0.0, =0.0.1, =0.1.0, =0.9.0, =1.0.7, =0.0.1, =1.0.8, =11.1.27-alpha.4606607431 and more
Source CVEs: unknown CVE
Source advisory: OSV:GHSA-2MVQ-XP48-4C77...
GHSA-2MVQ-XP48-4C77 Denial of Service in subtext
All versions of subtext are vulnerable to Denial of Service (DoS). The package fails to enforce the maxBytes configuration for payloads with chunked encoding that are written to the file system. This allows attackers to send requests with arbitrary payload sizes, which may exhaust system resources...
Prototype Pollution
@hapi/subtext is vulnerable to prototype pollution. Lack of object validation allows an attacker to inject arbitrary Object properties which can potentially lead to execution of arbitrary code...