1635 matches found
Downloads Resources over HTTP
Overview Affected versions of chromedriver126 insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...
Cross Site Scripting (XSS)
Overview Affected versions of plotly.js are vulnerable to cross-site scripting if an attacker can convince a user to visit a malicious plot on a site using this package. Recommendation Update to 1.16.0 or later. References - Plot.ly Help - XSS Advisory - Jared Folkins - How I Hacked Plot.ly -...
Command Injection
Overview Versions of gm prior to 1.21.1 are affected by a command injection vulnerability. The vulnerability is triggered when user input is passed into gm.compare, which fails to sanitize input correctly before calling the graphics magic binary. Recommendation Update to version 1.21.1 or later...
Regular Expression Denial of Service
Overview All versions of the bleach package are vulnerable to a regular expression denial of service attack when certain types of input are passed into the sanitize function. Recommendation The bleach package is not currently maintained, and has not seen an update since 2014. To mitigate this...
Potential Command Injection
Overview Versions 0.0.1 and earlier of printer are affected by a command injection vulnerability resulting from a failure to sanitize command arguments properly in the printDirect function. Recommendation Update to version 0.0.2 or later. References - Commit e001e38 - GitHub Advisory...
Denial of Service
Overview Versions of yar prior to 2.2.0 are affected by a denial of service vulnerability related to an invalid encrypted session cookie value. When an invalid encryped session cookie value is provided, the process will crash. Recommendation Update to version 2.2.0 or later. References - Issue 34...
Prototype Pollution
Overview Affected versions of sds are vulnerable to prototype pollution. The set function does not restrict the modification of an Object's prototype, which may allow an attacker to add or modify an existing property that will exist on all objects. Recommendation Upgrade to version 4.0.0 or later...
Incorrect Account Used for Signing
Overview Versions of @metamask/eth-ledger-bridge-keyring prior to 0.2.2 may use incorrect accounts for signing transactions. The vulnerability impacts cases where the user signs a personal message or transaction without first adding the account. This includes cases where the user has already adde...
Path Traversal
Overview Versions of sapper prior to 0.27.11 are vulnerable to Path Traversal. It is possible to access sensitive files on the server through HTTP requests containing URL-encoded ../. You may test a sapper application running in prod mode with curl -vvv...
Prototype Pollution
Overview Versions of @hapi/hoek prior to 8.5.1 and 9.0.3 are vulnerable to Prototype Pollution. The clone function fails to prevent the modification of the Object prototype when passed specially-crafted input. Attackers may use this to change existing properties that exist in all objects, which m...
Invalid Curve Attack
Overview Versions of openpgp prior to 4.3.0 are vulnerable to an Invalid Curve Attack. The package's implementation of ECDH fails to verify the validity of the communication partner's public key. The package calculates the resulting key secret based on an altered curve instead of the specified...
SQL Injection
Overview Affected versions of sequelize are vulnerable to SQL Injection. The function sequelize.json incorrectly formatted sub paths for JSON queries, which allows attackers to inject SQL statements and execute arbitrary SQL queries if user input is passed to the query. Exploitation example: retu...
Cross-Site Scripting
Overview All versions of min-http-server are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize filenames, allowing attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code. Recommendation No fix is currently available...
Cross-Site Scripting
Overview All versions of eco are vulnerable to Cross-Site Scripting XSS. The package's default escape implementation fails to escape single quotes, which may allow attackers to execute arbitrary JavaScript on the victim's browser. Recommendation No fix is currently available. Consider using an...
Prototype Pollution
Overview Versions of assign-deep prior to 1.0.1 are vulnerable to Prototype Pollution. The assign function fails to validate which Object properties it updates. This allows attackers to modify the prototype of Object, causing the addition or modification of an existing property on all objects...
Cross-Site Request Forgery (CSRF)
Overview Versions of keystone prior to 4.0.0 are vulnerable to Cross-Site Request Forgery CSRF. The package fails to validate the presence of the X-CSRF-Token header, which may allow attackers to carry actions on behalf of other users on all endpoints. Recommendation Update to version 4.0.0 or...
Cross-Site Scripting
Overview All versions of editor.md are vulnerable to Cross-Site Scripting. User input is insufficiently sanitized, allowing attackers to inject malicious code in payloads containing base64-encoded content. Recommendation No fix is currently available. Consider using an alternative module until a...
Path Traversal
Overview All versions of general-file-server are vulnerable to path traversal. Recommendation No fix is currently available for this vulnerability. It is our recommendation to not use this module until a fix has been provided. References - HackerOne Report - GitHub Advisory...
Path Traversal
Overview Versions of glance before 3.0.4 are vulnerable to path traversal allowing a remote attacker to read arbitrary files from the server using glance. Recommendation Update to version 3.0.4 or later. References - GitHub Commit 8cfd88e - HackerOne Report - GitHub Advisory...
Hijacked Environment Variables
Overview The jquery.js package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real...
Directory Traversal
Overview Affected versions of mockserve resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system...
Directory Traversal
Overview Affected versions of myprolyz resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system...
Directory Traversal
Overview Affected versions of gaoxuyan resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system...
Downloads Resources over HTTP
Overview Affected versions of dwebp-bin insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on...
Downloads Resources over HTTP
Overview Affected versions of headless-browser-lite insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code...
Downloads Resources over HTTP
Overview Affected versions of box2d-native insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution...
Downloads Resources over HTTP
Overview Affected versions of bionode-sra insecurely downloads resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on...
Cross-Site Scripting
Overview Affected versions of fuelux contain a cross-site scripting vulnerability in the Pillbox feature. By supplying a script as a value for a new pillbox, it is possible to cause arbitrary script execution. Recommendation Update to version 3.15.7 or later. References - Issue 1841 - PR 1856 -...
XSS in client rendered block templates
Overview Affected versions of rendr are vulnerable to cross-site scripting when client side rendering is done inside a block. Server side rendering is not affected and is properly escaped. Recommendation Update to version 1.1.4 or later. References - PR 61 - PR 513 - GitHub Advisory...
Insecure Defaults Leads to Potential MITM
Overview Affected versions of ezseed-transmission download and run a script over an HTTP connection. An attacker in a privileged network position could launch a Man-in-the-Middle attack and intercept the script, replacing it with malicious code, completely compromising the system running...
Regular Expression Denial of Service
Overview Affected versions of riot-compiler are susceptible to a regular expression denial of service vulnerability. Recommendation Update to version 2.3.22 or later. References - Issue 46 - GitHub Advisory...
Regular Expression Denial of Service
Overview Versions of is-my-json-valid prior to 2.12.4 are affected by a regular expression denial of service vulnerability when user input is allowed into a utc-millisec validator. Recommendation Update to version 2.12.4 or later...
Remote Memory Disclosure
Overview Versions of bittorrent-dht prior to 5.1.3 are affected by a remote memory disclosure vulnerability. This vulnerability allows an attacker to send a specific series of of messages to a listening peer and get it to reveal internal memory. There are two mitigating factors here, that slightl...
Regular Expression Denial of Service
Overview Versions of ms prior to 0.7.1 are affected by a regular expression denial of service vulnerability when extremely long version strings are parsed. Proof of Concept javascript var ms = require'ms'; var genstr = function len, chr var result = ""; for i=0; i=len; i++ result = result + chr;...
Regular Expression Denial of Service
Overview Versions of validator prior to 3.22.1 are affected by a regular expression denial of service vulnerability in the isURL method. Recommendation Update to version 3.22.1 or later. References - Issue 152, Comment 48107184 - GitHub Advisory...
Command Injection
Overview Versions of ungit prior to 0.9.0 are affected by a command injection vulnerability in the url parameter. Recommendation Update version 0.9.0 or later. References - Issue 486 - GitHub Advisory...
Inadequate Encryption Strength
Overview In bcrypt npm package before version 5.0.0, data is truncated wrong when its length is greater than 255 bytes. Recommendation Upgrade to version 5.0.0 or later. References - https://nvd.nist.gov/vuln/detail/CVE-2020-7689 - https://github.com/kelektiv/node.bcrypt.js776 -...
Command Injection
Overview All versions of umount are vulnerable to Command Injection. The package fails to sanitize input rules and passes it directly to an exec call on the umount function . This may allow attackers to execute arbitrary code in the system if the device value passed to the function is...
Denial of Service
Overview Versions of http-proxy prior to 1.18.1 are vulnerable to Denial of Service. An HTTP request with a long body triggers an ERRHTTPHEADERSSENT unhandled exception that crashes the proxy server. This is only possible when the proxy server sets headers in the proxy request using the...
Command Injection
Overview All versions of gnuplot are vulnerable to Command Injection. The package fails to sanitize plot titles, which may allow attackers to execute arbitrary code in the system if the title value is supplied by a user. The following proof-of-concept creates a testing file in the current...
Denial of Service
Overview Versions of mongodb prior to 3.1.13 are vulnerable to Denial of Service. The package fails to properly catch an exception when a collection name is invalid and the DB does not exist, crashing the application. Recommendation Upgrade to version 3.1.13 or later. References GitHub Advisory...
Local File Inclusion
Overview All versions of domokeeper are vulnerable to Local File Inclusion. The /plugin/ route passes a GET parameter unsanitized to a require call. It then returns the output of require in the server response. This may allow attackers to load unintended code in the application. It also allows...
Prototype Pollution
Overview All versions of defaults-deep are vulnerable to prototype pollution. Provided certain input defaults-deep can add or modify properties of the Object prototype. These properties will be present on all objects. Recommendation As no patch is currently available for this vulnerability it is...
Sandbox Breakout / Arbitrary Code Execution
Overview All versions of sandbox are vulnerable to Sandbox Escape leading to Remote Code Execution. Due to insufficient input sanitization it is possible to escape the sandbox using constructors. Proof of concept var Sandbox = require"sandbox" s = new Sandbox code = new Function"return...
Byass due to validation before canonicalization
Overview Versions of serve before 6.5.2 are vulnerable to the bypass of the ignore functionality. The bypass is possible because validation happens before canonicalization of paths and filenames. Example: Here we have a server that ignores the file test.txt. const serve = require'serve' const...
Path Traversal
Overview Versions of node-srv before 2.1.1 are vulnerable to path traversal allowing a remote attacker to read files from the server that uses node-srv. Recommendation Update to version 2.1.1 or later. References - HackerOne Report - GitHub Advisory...
Regular Expression Denial of Service
Overview Affected versions of forwarded are vulnerable to regular expression denial of service when parsing specially crafted user input. Recommendation Update to version 0.1.2 or later References GitHub Advisory...
Hijacked Environment Variables
Overview The node-sqlite package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real...
Hijacked Environment Variables
Overview The fabric-js package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real...
Directory Traversal
Overview Affected versions of jikes resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system...