3 matches found
Cross-site Scripting (XSS)
Overview vega is a library that implements Vega visualization grammar. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the toString function in environments where the VEGADEBUG global variable is present. An attacker can execute arbitrary JavaScript code by...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS when defining a non-invokable ToString value, which will cause a crash during type check. PoC js var lmdb = require"node-lmdb"; var fs = require'fs' var dbname = '/mydata' if !fs.existsSyncdbname fs.mkdirSyncdbname...
OpenJDK: key data leak via toString() methods (Libraries, 8011071)
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via unknown vectors related to...