Lucene search
K

1592 matches found

OSV
OSV
added 2022/03/18 12:1 a.m.17 views

GHSA-66WW-999Q-MFFQ Arbitrary code execution in post-loader

post-loader is webpack loader for blog posts written in Markdown. The package post-loader from 0.0.0 is vulnerable to Arbitrary Code Execution which uses a markdown parser in an unsafe way so that any javascript code inside the markdown input files gets evaluated and executed. At this time, there...

9.8CVSS9.6AI score0.01957EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2022/03/18 12:1 a.m.27 views

Arbitrary code execution in post-loader

post-loader is webpack loader for blog posts written in Markdown. The package post-loader from 0.0.0 is vulnerable to Arbitrary Code Execution which uses a markdown parser in an unsafe way so that any javascript code inside the markdown input files gets evaluated and executed. At this time, there...

9.8CVSS4.2AI score0.01957EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2022/03/17 12:0 a.m.5 views

post-loader 跨站脚本漏洞

post-loader is a Webpack loader for China EGOIST individual developers. It is used to write blog posts in Markdown. A cross-site scripting vulnerability exists in post-loader, which stems from the use of the markdown parser in an insecure manner, so that any javascript code in a markdown input fi...

9.8CVSS8AI score0.01957EPSS
Exploits1References2
OPENSUSE Linux
OPENSUSE Linux
added 2022/03/03 12:0 a.m.90 views

Security update for nodejs-electron (important)

openSUSE Security Update: Security update for nodejs-electron Announcement ID: openSUSE-SU-2022:0070-1 Rating: important References: Cross-References: CVE-2021-30625 CVE-2021-30626 CVE-2021-30627 CVE-2021-30628 CVE-2021-30630 CVE-2021-30631 CVE-2021-30632 CVE-2021-30633 CVE-2021-37981...

9.6CVSS6.9AI score0.64546EPSS
Exploits7
vulnersOsv
vulnersOsv
added 2022/02/17 12:0 a.m.4 views

01_basic_webpack (>=1.0.0 <=1.0.8), 0726react (=0.1.1) +12923 more potentially affected by CVE-2022-0613 via urijs (>=1.16.1 <=1.19.7)

urijs NPM version =1.16.1, =1.0.0, =1.0.9, =0.0.1, =0.0.1-beta.0, =1.0.0, =1.0.4, =1.0.1, =0.0.1, =0.1.1, =0.1.0, =0.0.1, =0.0.3 and more Source cves: CVE-2022-0613 Source advisory: OSV:GHSA-GCV8-GH4R-25X6...

6.5CVSS6.3AI score0.0158EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2022/02/10 8:21 p.m.2 views

@ckeditor/ckeditor5-dev-lint (>=1.0.0 <=2.0.3), @code_monk/hak-cli (>=1.0.6 <=1.0.9) +364 more potentially affected by CVE-2020-7751 via pathval (>=0.0.1 <=1.1.0)

pathval NPM version =0.0.1, =1.0.0, =1.0.6, =1.0.4, =2.0.3, =1.0.8, =1.0.3, =1.0.7, =2.0.3, =3.1.2, =1.0.3, =0.0.1, =0.1.0, =0.2.0 - @nwetzel/modern-web-dev-build =0.6.0 and more Source cves: CVE-2020-7751 Source advisory: OSV:GHSA-G6WW-V8XP-VMWG...

7.2CVSS7.1AI score0.01498EPSS
Exploits1
CNNVD
CNNVD
added 2021/12/10 12:0 a.m.5 views

ZEIT Next.js 输入验证错误漏洞

ZEIT Next.js is an open source web application framework from ZEIT based on Vue.js, Node.js, Webpack and Babel.js. ZEIT Next.js suffers from an input validation error vulnerability that stems from the software's lack of effective handling of incorrectly formatted urls. An invalid or incorrectly...

7.5CVSS7.5AI score0.44824EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2021/09/07 11:8 p.m.60 views

Older releases of better_errors open to Cross-Site Request Forgery attack

Impact bettererrors prior to 2.8.0 did not implement CSRF protection for its internal requests. It also did not enforce the correct "Content-Type" header for these requests, which allowed a cross-origin "simple request" to be made without CORS protection. These together left an application with...

8.8CVSS8.4AI score0.00636EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2021/09/07 11:8 p.m.19 views

GHSA-W3J4-76QW-WWJM Older releases of better_errors open to Cross-Site Request Forgery attack

Impact bettererrors prior to 2.8.0 did not implement CSRF protection for its internal requests. It also did not enforce the correct "Content-Type" header for these requests, which allowed a cross-origin "simple request" to be made without CORS protection. These together left an application with...

6.3CVSS8.7AI score0.00636EPSS
Exploits0References7
CNVD
CNVD
added 2021/08/12 12:0 a.m.43 views

ZEIT Next.js Input Validation Error Vulnerability (CNVD-2021-61800)

ZEIT Next.js is an open source web application framework from ZEIT based on Vue.js, Node.js, Webpack, and Babel.js. ZEIT Next.js is vulnerable to an input validation error in versions prior to 11.1.0, which stems from a web system or product that does not properly validate input data. An attacker...

6.9CVSS3.4AI score0.01198EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2021/01/14 1:2 p.m.4 views

@adobe/aio-app-scripts (>=0.6.0 <=2.3.0), @adobe/aio-cli (>=2.1.0 <=4.0.0) +21 more potentially affected by CVE-2020-28471 via properties-reader (>=2.0.0 <=2.1.1)

properties-reader NPM version =2.0.0, =0.6.0, =2.1.0, =1.0.0, =0.3.1, =1.0.3, =0.6.0, =1.7.0, =0.0.16, =2.0.0, =2.4.1-next.238, =2.0.0-RC1, =2.1.1-next.0, =2.1.1-next.0, =2.2.1-next.5, =2.1.1-next.0, =2.5.2-next.17 and more Source cves: CVE-2020-28471 Source advisory:...

9.8CVSS7.2AI score0.01092EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2021/01/13 6:21 p.m.4 views

@dmrvos/infrajs (>=0.0.4 <=0.0.8), @marjose/jstoolkit (>=0.0.2 <=1.0.0-beta) +10 more potentially affected by CVE-2021-21252 via jquery-validation (>=1.14.0 <=1.19.1)

jquery-validation NPM version =1.14.0, =0.0.4, =0.0.2, =0.2.2, =3.0.0, =0.11.28, =0.0.8, =1.4.0, =1.0.0, =3.0.0-prerelease.20170216T120000Z, =1.0.0, =1.0.6 - webpack-symfony-builder =1.0.0 Source cves: CVE-2021-21252 Source advisory: OSV:GHSA-JXWX-85VP-GVWM...

7.5CVSS6.1AI score0.03532EPSS
Exploits0
NVD
NVD
added 2021/01/06 9:15 p.m.29 views

CVE-2020-29041

A misconfiguration in Web-Sesame 2020.1.1.3375 allows an unauthenticated attacker to download the source code of the application, facilitating its comprehension code review. Specifically, JavaScript source maps were inadvertently included in the production Webpack configuration. These maps contai...

5.3CVSS5.5AI score0.01355EPSS
Exploits1References2
Prion
Prion
added 2021/01/06 9:15 p.m.12 views

Code injection

A misconfiguration in Web-Sesame 2020.1.1.3375 allows an unauthenticated attacker to download the source code of the application, facilitating its comprehension code review. Specifically, JavaScript source maps were inadvertently included in the production Webpack configuration. These maps contai...

5CVSS5.5AI score0.01355EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2021/01/06 8:52 p.m.55 views

CVE-2020-29041

The CVE-2020-29041 entry describes a misconfiguration in Web-Sesame 2020.1.1.3375 where JavaScript source maps were included in production Webpack config, allowing an unauthenticated attacker to download the application’s source code and related artifacts (bundle sources, configuration settings s...

5.3CVSS5.5AI score0.01355EPSS
Exploits1References2Affected Software1
Kitploit
Kitploit
added 2020/12/08 8:30 p.m.71 views

Packer-Fuzzer - A Fast And Efficient Scanner For Security Detection Of Websites Constructed By Javascript Module Bundler Such As Webpack

With the popularity of web front-end packaging tools, have you encountered more and more websites represented by Webpack packager in daily penetration testing and security services? This type of packager will package the API and API parameters of the entire site together for centralized Web call,...

8.2AI score
Exploits0References1
Oracle linux
Oracle linux
added 2020/11/10 12:0 a.m.57 views

grafana security, bug fix, and enhancement update

6.7.4-3 - apply patch for CVE-2020-13430 also to sources, not only to compiled webpack 6.7.4-2 - security fix for CVE-2020-13430 6.7.4-1 - update to 6.7.4 tagged upstream community sources, see CHANGELOG - security fix for CVE-2020-13379 6.7.3-1 - update to 6.7.3 tagged upstream community sources...

8.2CVSS1.8AI score0.99856EPSS
Exploits8
CNVD
CNVD
added 2020/10/26 12:0 a.m.1 views

webpack-subresource-integrity data forgery issue vulnerability

webpack-subresource-integrity is a personal developer's npm extension for website static file security. The library generates an encrypted hash code that can be used to verify that files fetched by the browser e.g. from a CDN are secure. A webpack plugin vulnerability exists in versions prior to...

5CVSS7.1AI score0.00517EPSS
Exploits0References1
Veracode
Veracode
added 2020/10/20 5:17 a.m.18 views

Subresource Integrity Bypass

webpack-subresource-integrity is vulnerable to subresource integrity bypass. Dynamically injected tags use undefined and the integrity check can be bypassed, potentially resulting in cross-site scripting attacks...

5CVSS1.6AI score0.00517EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2020/10/20 1:33 a.m.18 views

Lack Of Integrity Hash Validation

webpack-subresource-integrity suffers from a lack of integrity hash verification. An additional layer of SRI protection for all dynamically loaded chunks receives an invalid integrity hash and is ignored by the browser...

3.7CVSS4.4AI score0.00517EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder