1592 matches found
GHSA-66WW-999Q-MFFQ Arbitrary code execution in post-loader
post-loader is webpack loader for blog posts written in Markdown. The package post-loader from 0.0.0 is vulnerable to Arbitrary Code Execution which uses a markdown parser in an unsafe way so that any javascript code inside the markdown input files gets evaluated and executed. At this time, there...
Arbitrary code execution in post-loader
post-loader is webpack loader for blog posts written in Markdown. The package post-loader from 0.0.0 is vulnerable to Arbitrary Code Execution which uses a markdown parser in an unsafe way so that any javascript code inside the markdown input files gets evaluated and executed. At this time, there...
post-loader 跨站脚本漏洞
post-loader is a Webpack loader for China EGOIST individual developers. It is used to write blog posts in Markdown. A cross-site scripting vulnerability exists in post-loader, which stems from the use of the markdown parser in an insecure manner, so that any javascript code in a markdown input fi...
Security update for nodejs-electron (important)
openSUSE Security Update: Security update for nodejs-electron Announcement ID: openSUSE-SU-2022:0070-1 Rating: important References: Cross-References: CVE-2021-30625 CVE-2021-30626 CVE-2021-30627 CVE-2021-30628 CVE-2021-30630 CVE-2021-30631 CVE-2021-30632 CVE-2021-30633 CVE-2021-37981...
01_basic_webpack (>=1.0.0 <=1.0.8), 0726react (=0.1.1) +12923 more potentially affected by CVE-2022-0613 via urijs (>=1.16.1 <=1.19.7)
urijs NPM version =1.16.1, =1.0.0, =1.0.9, =0.0.1, =0.0.1-beta.0, =1.0.0, =1.0.4, =1.0.1, =0.0.1, =0.1.1, =0.1.0, =0.0.1, =0.0.3 and more Source cves: CVE-2022-0613 Source advisory: OSV:GHSA-GCV8-GH4R-25X6...
@ckeditor/ckeditor5-dev-lint (>=1.0.0 <=2.0.3), @code_monk/hak-cli (>=1.0.6 <=1.0.9) +364 more potentially affected by CVE-2020-7751 via pathval (>=0.0.1 <=1.1.0)
pathval NPM version =0.0.1, =1.0.0, =1.0.6, =1.0.4, =2.0.3, =1.0.8, =1.0.3, =1.0.7, =2.0.3, =3.1.2, =1.0.3, =0.0.1, =0.1.0, =0.2.0 - @nwetzel/modern-web-dev-build =0.6.0 and more Source cves: CVE-2020-7751 Source advisory: OSV:GHSA-G6WW-V8XP-VMWG...
ZEIT Next.js 输入验证错误漏洞
ZEIT Next.js is an open source web application framework from ZEIT based on Vue.js, Node.js, Webpack and Babel.js. ZEIT Next.js suffers from an input validation error vulnerability that stems from the software's lack of effective handling of incorrectly formatted urls. An invalid or incorrectly...
Older releases of better_errors open to Cross-Site Request Forgery attack
Impact bettererrors prior to 2.8.0 did not implement CSRF protection for its internal requests. It also did not enforce the correct "Content-Type" header for these requests, which allowed a cross-origin "simple request" to be made without CORS protection. These together left an application with...
GHSA-W3J4-76QW-WWJM Older releases of better_errors open to Cross-Site Request Forgery attack
Impact bettererrors prior to 2.8.0 did not implement CSRF protection for its internal requests. It also did not enforce the correct "Content-Type" header for these requests, which allowed a cross-origin "simple request" to be made without CORS protection. These together left an application with...
ZEIT Next.js Input Validation Error Vulnerability (CNVD-2021-61800)
ZEIT Next.js is an open source web application framework from ZEIT based on Vue.js, Node.js, Webpack, and Babel.js. ZEIT Next.js is vulnerable to an input validation error in versions prior to 11.1.0, which stems from a web system or product that does not properly validate input data. An attacker...
@adobe/aio-app-scripts (>=0.6.0 <=2.3.0), @adobe/aio-cli (>=2.1.0 <=4.0.0) +21 more potentially affected by CVE-2020-28471 via properties-reader (>=2.0.0 <=2.1.1)
properties-reader NPM version =2.0.0, =0.6.0, =2.1.0, =1.0.0, =0.3.1, =1.0.3, =0.6.0, =1.7.0, =0.0.16, =2.0.0, =2.4.1-next.238, =2.0.0-RC1, =2.1.1-next.0, =2.1.1-next.0, =2.2.1-next.5, =2.1.1-next.0, =2.5.2-next.17 and more Source cves: CVE-2020-28471 Source advisory:...
@dmrvos/infrajs (>=0.0.4 <=0.0.8), @marjose/jstoolkit (>=0.0.2 <=1.0.0-beta) +10 more potentially affected by CVE-2021-21252 via jquery-validation (>=1.14.0 <=1.19.1)
jquery-validation NPM version =1.14.0, =0.0.4, =0.0.2, =0.2.2, =3.0.0, =0.11.28, =0.0.8, =1.4.0, =1.0.0, =3.0.0-prerelease.20170216T120000Z, =1.0.0, =1.0.6 - webpack-symfony-builder =1.0.0 Source cves: CVE-2021-21252 Source advisory: OSV:GHSA-JXWX-85VP-GVWM...
CVE-2020-29041
A misconfiguration in Web-Sesame 2020.1.1.3375 allows an unauthenticated attacker to download the source code of the application, facilitating its comprehension code review. Specifically, JavaScript source maps were inadvertently included in the production Webpack configuration. These maps contai...
Code injection
A misconfiguration in Web-Sesame 2020.1.1.3375 allows an unauthenticated attacker to download the source code of the application, facilitating its comprehension code review. Specifically, JavaScript source maps were inadvertently included in the production Webpack configuration. These maps contai...
CVE-2020-29041
The CVE-2020-29041 entry describes a misconfiguration in Web-Sesame 2020.1.1.3375 where JavaScript source maps were included in production Webpack config, allowing an unauthenticated attacker to download the application’s source code and related artifacts (bundle sources, configuration settings s...
Packer-Fuzzer - A Fast And Efficient Scanner For Security Detection Of Websites Constructed By Javascript Module Bundler Such As Webpack
With the popularity of web front-end packaging tools, have you encountered more and more websites represented by Webpack packager in daily penetration testing and security services? This type of packager will package the API and API parameters of the entire site together for centralized Web call,...
grafana security, bug fix, and enhancement update
6.7.4-3 - apply patch for CVE-2020-13430 also to sources, not only to compiled webpack 6.7.4-2 - security fix for CVE-2020-13430 6.7.4-1 - update to 6.7.4 tagged upstream community sources, see CHANGELOG - security fix for CVE-2020-13379 6.7.3-1 - update to 6.7.3 tagged upstream community sources...
webpack-subresource-integrity data forgery issue vulnerability
webpack-subresource-integrity is a personal developer's npm extension for website static file security. The library generates an encrypted hash code that can be used to verify that files fetched by the browser e.g. from a CDN are secure. A webpack plugin vulnerability exists in versions prior to...
Subresource Integrity Bypass
webpack-subresource-integrity is vulnerable to subresource integrity bypass. Dynamically injected tags use undefined and the integrity check can be bypassed, potentially resulting in cross-site scripting attacks...
Lack Of Integrity Hash Validation
webpack-subresource-integrity suffers from a lack of integrity hash verification. An additional layer of SRI protection for all dynamically loaded chunks receives an invalid integrity hash and is ignored by the browser...