25 matches found

OSV
added 2026/01/23 10:48 a.m., 2 views

ROOT-APP-NPM-CVE-2024-29180 CVE-2024-29180 in @rootio/webpack-dev-middleware - Patched by Root

Root has patched CVE-2024-29180 in the @rootio/webpack-dev-middleware package for Root:npm. Multiple fixed versions available...

CVSS 7.5, AI score 8.3, EPSS 0.03485
Exploits: 1

Tenable Nessus
added 2025/11/20 12:0 a.m., 2 views

TencentOS Server 4: pcs (TSSA-2025:0213)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0213 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVSS 7.5, AI score 7.1, EPSS 0.03485
Exploits: 1, References: 2

OSSF Malicious Packages
added 2025/10/07 4:38 a.m., 2 views

Malicious code in webpack-dev-serve-middleware (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fb201f67e4df2c2951dcebb70620a58ed8d7c1862d4697b4e14b2e95b6673d84 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2024-1028

Malicious code in bioql PyPI...

CVSS 7.4, AI score 7.6, EPSS 0.03485
Exploits: 1, References: 11

Microsoft CVE
added 2025/09/03 9:37 p.m., 1 view

webpack-dev-middleware Path Traversal vulnerability

...

CVSS 7.5, AI score 7, EPSS 0.03485
Exploits: 1

IBM Security Bulletins
added 2025/03/26 4:10 a.m., 72 views

Security Bulletin: IBM Cloud Pak for Network Automation 2.7.3 addresses multiple security vulnerabilities

Summary IBM Cloud Pak for Network Automation 2.7.3 addresses multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2024-30260 DESCRIPTION: Node.js undici module could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw wit...

CVSS 9.8, AI score 9.9, EPSS 0.87555
Exploits: 6, Affected Software: 1

RedHat Linux
added 2024/07/25 3:4 p.m., 29 views

Important: Red Hat Security Advisory: Apicurio Registry (container images) release and security update [ 2.6.1 GA ]

An update to the images for Red Hat build of Apicurio Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of...

CVSS 7.5, AI score 6.6, EPSS 0.03485
Exploits: 2, References: 6

RedHat Linux
added 2024/07/25 3:4 p.m., 0 views

webpack-dev-middleware: lack of URL validation may lead to file leak

A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer's machine. The lack of normalization before calling...

CVSS 7.5, AI score 7.2, EPSS 0.03485
Exploits: 1, References: 5

RedHat Linux
added 2024/07/10 3:10 p.m., 0 views

webpack-dev-middleware: lack of URL validation may lead to file leak

A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer's machine. The lack of normalization before calling...

CVSS 7.5, AI score 7.2, EPSS 0.03485
Exploits: 1, References: 5

RedHat Linux
added 2024/07/10 3:10 p.m., 26 views

Important: Red Hat Security Advisory: Red Hat Data Grid 8.5.0 security update

An update for Red Hat Data Grid 8 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

CVSS 7.5, AI score 6.6, EPSS 0.03485
Exploits: 2, References: 4

RedHat Linux
added 2024/06/13 11:2 a.m., 1 view

webpack-dev-middleware: lack of URL validation may lead to file leak

A flaw was found in the webpack-dev-middleware package, where it failed to validate the supplied URL address sufficiently before returning local files. This flaw allows an attacker to craft URLs to return arbitrary local files from the developer's machine. The lack of normalization before calling...

CVSS 7.5, AI score 7.2, EPSS 0.03485
Exploits: 1, References: 5

RedHat Linux
added 2024/06/13 11:2 a.m., 33 views

Important: Red Hat Security Advisory: Migration Toolkit for Runtimes security, bug fix and enhancement update

Migration Toolkit for Runtimes 1.2.6 release Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

CVSS 7.5, AI score 6.6, EPSS 0.03485
Exploits: 3, References: 3

RedHat Linux
added 2024/05/23 6:39 a.m., 53 views

Important: Red Hat Security Advisory: Migration Toolkit for Applications security and bug fix update

Migration Toolkit for Applications 7.0.3 release Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

CVSS 7.5, AI score 7, EPSS 0.69905
Exploits: 6, References: 49

RedHat Linux
added 2024/05/10 7:6 p.m., 39 views

Important: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.11.4 security update

An update is now available for Red Hat OpenShift GitOps v1.11.4 for Argo CD UI and Console Plugin. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...

CVSS 7.5, AI score 7.2, EPSS 0.03485
Exploits: 1, References: 10

IBM Security Bulletins
added 2024/05/10 3:38 p.m., 76 views

Security Bulletin: User Behavior Analytics application add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM has addressed these vulnerabilities with an update. Vulnerability Details CVEID:CVE-2023-41419 DESCRIPTION: Gevent could allow a remote attacker to gain...

CVSS 9.8, AI score 10, EPSS 0.03974
Exploits: 6, Affected Software: 1

Veracode
added 2024/03/27 1:47 p.m., 110 views

Path Traversal

webpack-dev-middleware is vulnerable to Path Traversal. The vulnerability is due to insufficient validation of URL addresses, allowing attackers to access any file on the developer's machine by manipulating the URL with specific encoded sequences such as %2e or %2f...

CVSS 7.4, AI score 6.8, EPSS 0.03485
Exploits: 1, References: 9, Affected Software: 1

OSV
added 2024/03/21 6:59 p.m., 0 views

GHSA-WR3J-PWJ9-HQQ6 Path traversal in webpack-dev-middleware

Summary The webpack-dev-middleware middleware does not validate the supplied URL address sufficiently before returning the local file. It is possible to access any file on the developer's machine. Details The middleware can either work with the physical filesystem when reading the files or it can...

CVSS 7.4, AI score 7.1, EPSS 0.03485
Exploits: 1, References: 11

Github Security Blog
added 2024/03/21 6:59 p.m., 41 views

Path traversal in webpack-dev-middleware

Summary The webpack-dev-middleware middleware does not validate the supplied URL address sufficiently before returning the local file. It is possible to access any file on the developer's machine. Details The middleware can either work with the physical filesystem when reading the files or it can...

CVSS 7.5, AI score 6.4, EPSS 0.03485
Exploits: 1, References: 11, Affected Software: 1

vulnersOsv
added 2024/03/21 6:59 p.m., 0 views

@moneko/core (>=3.9.17-beta.25 <=3.11.1-beta.2), @proteinjs/server (>=1.0.1 <=2.1.10) +2 more potentially affected by CVE-2024-29180 via webpack-dev-middleware (=7.0.0)

webpack-dev-middleware NPM version =7.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on webpack-dev-middleware and may be impacted: - @moneko/core =3.9.17-beta.25, =1.0.1, =1.1.0, =0.0.101, =0.0.113 Source cves: CVE-2024-29180 Source advisory:...

CVSS 7.5, AI score 7.1, EPSS 0.03485
Exploits: 1

vulnersOsv
added 2024/03/21 6:59 p.m., 0 views

@angular-architects/build-angular (=16.2.0-next.2), @angular-devkit/build-angular (>=15.1.0 <=17.3.1) +165 more potentially affected by CVE-2024-29180 via webpack-dev-middleware (>=6.0.0 <=6.1.1)

webpack-dev-middleware NPM version =6.0.0, =15.1.0, =9.3.0, =1.12.3, =4.20.4, =0.1.0, =3.1.0, =3.0.0-alpha.14, =15.1.0, =16.0.0-next.6, =2.6.0, =8.4.0, =7.0.0-rc.11, =7.0.0-rc.16 and more Source cves: CVE-2024-29180 Source advisory: OSV:GHSA-WR3J-PWJ9-HQQ6...

CVSS 7.5, AI score 7.1, EPSS 0.03485
Exploits: 1