13 matches found
EUVD-2019-0680
Malware in sbrugna...
Unintended Require in larvitbase-www
All versions of larvitbase-www are vulnerable to an Unintended Require. The package exposes an API endpoint and passes a GET parameter unsanitized to an require call. This allows attackers to execute any .js file in the same folder as the server is running. Recommendation No fix is currently...
GHSA-88H9-FC6V-JCW7 Unintended Require in larvitbase-www
All versions of larvitbase-www are vulnerable to an Unintended Require. The package exposes an API endpoint and passes a GET parameter unsanitized to an require call. This allows attackers to execute any .js file in the same folder as the server is running. Recommendation No fix is currently...
CVE-2020-8128
An unintended require and server-side request forgery vulnerabilities in jsreport version 2.5.0 and earlier allow attackers to execute arbitrary code...
CVE-2020-8129
An unintended require vulnerability in script-manager npm package version 0.8.6 and earlier may allow attackers to execute arbitrary code...
Code injection
An unintended require vulnerability in script-manager npm package version 0.8.6 and earlier may allow attackers to execute arbitrary code...
CVE-2020-8129
An unintended require vulnerability in script-manager npm package version 0.8.6 and earlier may allow attackers to execute arbitrary code...
Unintended Require in larvitbase-api
Versions of larvitbase-api prior to 0.5.4 are vulnerable to an Unintended Require. The package exposes an API endpoint and passes a GET parameter unsanitized to an require call. This allows attackers to execute any .js file in the same folder as the server is running. Recommendation Upgrade to...
GHSA-XF27-JQWV-GF3R Unintended Require in larvitbase-api
Versions of larvitbase-api prior to 0.5.4 are vulnerable to an Unintended Require. The package exposes an API endpoint and passes a GET parameter unsanitized to an require call. This allows attackers to execute any .js file in the same folder as the server is running. Recommendation Upgrade to...
CVE-2019-5479
An unintended require vulnerability in v0.5.5 larvitbase-api may allow an attacker to load arbitrary non-production code JavaScript file...
CVE-2019-5479
An unintended require vulnerability in v0.5.5 larvitbase-api may allow an attacker to load arbitrary non-production code JavaScript file...
CVE-2019-5479
An unintended require vulnerability in v0.5.5 larvitbase-api may allow an attacker to load arbitrary non-production code JavaScript file...
Unintended Require
Overview Versions of larvitbase-api prior to 0.5.4 are vulnerable to an Unintended Require. The package exposes an API endpoint and passes a GET parameter unsanitized to an require call. This allows attackers to execute any .js file in the same folder as the server is running. Recommendation...