27 matches found
Astra Linux - vulnerability in node-thenify
This affects the thenify package before version 3.3.1. The name argument provided to the package can be controlled by users without any sanitization, and this value is passed to the eval function without any sanitization...
EUVD-2022-6206
Malicious code in bioql PyPI...
Ubuntu: Security Advisory (USN-6016-1)
The remote host is missing an update for the...
USN-6016-1: thenify vulnerability
It was discovered that thenify incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code...
USN-6016-1 node-thenify vulnerability
It was discovered that thenify incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code...
Fedora 36 : yarnpkg (2023-18fd476362)
The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-18fd476362 advisory. Add patches for CVE-2021-43138, CVE-2022-3517, CVE-2020-7677 Tenable has extracted the preceding description block directly from the Fedora security...
Fedora 37 : yarnpkg (2023-ce8943223c)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-ce8943223c advisory. Add patches for CVE-2021-43138, CVE-2022-3517, CVE-2020-7677 Tenable has extracted the preceding description block directly from the Fedora security...
Debian: Security Advisory (DLA-3128-1)
The remote host is missing an update for the Debian...
DLA-3128-1 node-thenify - security update
Bulletin has no description...
[SECURITY] [DLA 3128-1] node-thenify security update
Debian LTS Advisory DLA-3128-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta October 01, 2022 https://wiki.debian.org/LTS ...
Debian dla-3128 : node-thenify - security update
The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3128 advisory. Debian LTS Advisory DLA-3128-1 [email protected] https://www.debian.org/lts/security/...
CVE-2020-7677
A flaw was found in the thenify package. Users can control the name argument provided to the package without any sanitization, and this is provided to the eval function without any sanitization, which leads to arbitrary code execution...
DEBIAN-CVE-2020-7677
This affects the package thenify before 3.3.1. The name argument provided to the package can be controlled by users without any sanitization, and this is provided to the eval function without any sanitization...
CVE-2020-7677
This affects the package thenify before 3.3.1. The name argument provided to the package can be controlled by users without any sanitization, and this is provided to the eval function without any sanitization...
Session fixation
This affects the package thenify before 3.3.1. The name argument provided to the package can be controlled by users without any sanitization, and this is provided to the eval function without any sanitization...
UBUNTU-CVE-2020-7677
This affects the package thenify before 3.3.1. The name argument provided to the package can be controlled by users without any sanitization, and this is provided to the eval function without any sanitization...
CVE-2020-7677 Arbitrary Code Execution
This affects the package thenify before 3.3.1. The name argument provided to the package can be controlled by users without any sanitization, and this is provided to the eval function without any sanitization...
CVE-2020-7677
CVE-2020-7677 affects the node-thenify package before 3.3.1; the name argument is user-controlled and passed to eval without sanitization, enabling arbitrary code execution. Remediation: upgrade to 3.3.1 or newer (Debian LTS indicates fixed in 3.3.0-1+deb10u1).
CVE-2020-7677
This affects the package thenify before 3.3.1. The name argument provided to the package can be controlled by users without any sanitization, and this is provided to the eval function without any sanitization...
thenify security vulnerability
thenify is an open source callback-based function from Thenables that uses . A security vulnerability exists in versions prior to thenify 3.3.1, which stems from the vulnerability of this package to arbitrary code execution, the name parameter provided to the package can be controlled by the us...