2 matches found
Malicious code in @webd-infra/query-designer-domain (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c7713f23c6a0044172532693bc43aee0d785a980fc5c83ba1f773af9082e3b3 The package's package.json declares its only dependency ltidisafe as a direct tarball URL:...
GHSA-47WR-426J-FR82 Symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations in dbdeployer
Impact Users unpacking a tarball through dbdeployer may use a maliciously packaged tarball that contains symlinks to files external to the target. In such scenario, an attacker could induce dbdeployer to write into a system file, thus altering the computer defences. Mitigating factors For the...