3 matches found
XML External Entity (XXE) Injection
Overview: Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the XML parsing process. An attacker can access sensitive files by submitting specially crafted XML data containing external entities. Details: XXE Injection is a type of attack against an applicatio...
Incomplete Filtering of One or More Instances of Special Elements
Overview: validator is a library of string validators and sanitizers. Affected versions of this package are vulnerable to Incomplete Filtering of One or More Instances of Special Elements in the isLength function, which does not take into account Unicode variation selectors \uFE0F, \uFE0E appearing ...
Privilege Chaining
Overview: Affected versions of this package are vulnerable to Privilege Chaining via the project secret validation process. An attacker can escalate privileges and potentially gain control over seed clusters by bypassing the intended security restrictions. Remediation: Upgrade...