4 matches found
MAL-2026-6075 Malicious code in opt-archetype-check (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6497b3f44c017bc9ba783cd75e17d4992f79542d8819558da92e152ee4d4471e On npm install, the package's postinstall hook executes node index.js, which collects the installer's public IP via api.ipify.org, hostname, username...
Unsanitized NUL in environment variables on Windows in syscall and os/exec
...
Amazon Linux 2022 : golang (ALAS2022-2022-239)
The version of golang installed on the remote host is prior to 1.19.3-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-239 advisory. - Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read t...
Path Traversal
firefox is vulnerable to Path Traversal. A remote attacker is able to use the % character in filenames to store the data outside of the intended directory using windows environment variables, such as %HOMEPATH% or %APPDATA%...