1635 matches found
Cross-Site Scripting (XSS)
Overview In affected versions of video.js, the src attribute of track tag allows to bypass HTML escaping and execute arbitrary code. Recommendation Upgrade to version 7.14.3 or later References - CVE - GitHub Advisory...
Sensitive Data Exposure
Overview The gatsby-source-wordpress plugin prior to versions 4.0.8 and 5.9.2 leaks .htaccess HTTP Basic Authentication variables into the app.js bundle during build-time. Users who are not initializing basic authentication credentials in the gatsby-config.js are not affected. Example affected...
Prototype Pollution
Overview There is a prototype pollution vulnerability in gsap which affects all versions before 3.6.0. Recommendation Upgrade to 3.6.0 or later References - GitHub Advisory - Snyk Advisory...
Exfiltrates data on installation
Overview The cofeescript package is a piece of malware that steals sensitive data such as a user's private SSH key and bash history, sending them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation If you have found cofeescript installed in...
Remote Memory Exposure
Overview Affected versions of request will disclose local system memory to remote systems in certain circumstances. When a multipart request is made, and the type of body is number, then a buffer of that size will be allocated and sent to the remote server as the body. Proof of Concept var reques...
ReDoS via long string of semicolons
Overview Affected versions of tough-cookie may be vulnerable to regular expression denial of service when long strings of semicolons exist in the Set-Cookie header. Recommendation Update to version 2.3.0 or later. References GitHub Advisory...
Cross-Site Scripting
Overview Cross-site scripting XSS vulnerability in the DataTables plugin 1.10.8 and earlier for jQuery allows remote attackers to inject arbitrary web script or HTML via the scripts parameter to media/unittesting/templates/6776.php. Recommendation Update to a version greater than 1.10.8. Referenc...
Path traversal in rollup-plugin-serve
Overview Path traversal in rollup-plugin-serve before version 1.0.2. There is no path sanitization in readFile operation. Recommendation Upgrade to version 1.0.2 or later References - CVE - GitHub Advisory...
Regular Expression Denial of Service
Overview There is a regular expression denial-of-service in schema-inspector. Impact Email address validation is vulnerable to a denial-of-service attack where some input for example a@0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0. will freeze the program...
Cross-Site Scripting
Overview Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements. Recommendation Upgrade to version 2.0.17 or...
Arbitrary Code Execution in grunt
Overview Versions of grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due to the default usage of the function load instead of its secure replacement safeLoad of the package js-yaml inside grunt.file.readYAML. Recommendation Upgrade to version 1.3.0 or later References - CVE - GitHub...
Malicious Package
Overview All versions of plutov-slack-client contain malicious code. Upon installation the package opens a shell to a remote server. The package affects both Windows and nix systems. Recommendation Any computer that has this package installed or running should be considered fully compromised. All...
Memory Exposure
Overview This affects the package dns-packet before versions 1.3.2 and 5.2.2. It creates buffers with allocUnsafe and does not always fill them before forming network packets. This can expose internal application memory over unencrypted network when querying crafted invalid domain names...
Injection in gulp-scss-lint
Overview gulp-scss-lint through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands to the "exec" function located in "src/command.js" via the provided options. Recommendation Avoid using gulp-scss-lint as there is no current safe version of this module...
Cross-Site Scripting (XSS)
Overview Affected versions of angular are vulnerable to JSONP Callback Attack. JSONP JSON with padding is a method used to request data from a server residing in a different domain than the client. Any url could perform JSONP requests, allowing full access to the browser and the JavaScript contex...
Exfiltrates data on installation
Overview The coffescript package is a piece of malware that steals sensitive data such as a user's private SSH key and bash history, sending them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation If you have found coffescript installed in...
Regular Expression Denial of Service
Overview normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 has a ReDoS regular expression denial of service issue because it has exponential performance for data: URLs. Recommendation Upgrade to versions 4.5.1, 5.3.1, 6.0.1 or later References - CVE - GitHub Advisory...
Open Redirect
Overview st is a module for serving static files. An attacker is able to craft a request that results in an HTTP 301 redirect to an entirely different domain. A request for: http://some.server.com//nodesecurity.org/%2e%2e would result in a 301 to //nodesecurity.org/%2e%2e which most browsers trea...
Authentication Bypass
Overview Affected versions of passport-azure-ad do not recognize the validateIssuer setting, which allows remote attackers to bypass authentication via a crafted token. Recommendation Version 1.x: Update to version 1.4.6 or later. Version 2.x: Update to version 2.0.1 or later. References - Securi...
Command Injection
Overview Affected versions of growl do not properly sanitize input prior to passing it into a shell command, allowing for arbitrary command execution. Recommendation Update to version 1.10.2 or later. References - Issue 60 - PR 61 - GitHub Advisory...
Regular Expression Denial of Service
Overview npm-user-validate before 1.0.1 is vulnerable to regular expression denial of service. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters. Recommendation Upgrade to version 1.0.1 or later References - CVE - GitHub Advis...
Command Injection
Overview Affected versions of fs-git do not sanitize strings passed into the buildCommand method, resulting in arbitrary code execution. Recommendation Update to version 1.0.2 or later. References - Commit eb5f70e - GitHub Advisory...
Cross-Site Scripting
Overview Affected versions of yui are vulnerable to cross-site scripting in the uploader.swf and io.swf utilities, via script injection in the url. Recommendation YUI has published their recommendation to fix this issue. Their recommendation is to: - Delete self-hosted copies of these files if yo...
UNIX Symbolic Link (Symlink) Following
Overview Impact Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution @npmcli/arborist, the library that calculates dependency trees and manages the nodemodules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be...
Prototype Pollution
Overview Affected versions of jszip have a prototype pollution vulnerability. Crafting a new zip file with filenames set to Object prototype values e.g proto, toString, etc results in a returned object with a modified prototype instance. Recommendation Upgrade to version 3.7.0 or later References...
Prototype Pollution in locutus
Overview Versions of locutus prior to 2.0.12 are vulnerable to Prototype Pollution via the php.strings.parsestr function. Recommendation Upgrade to version 2.0.12 or later References - CVE - GitHub Advisory...
Cross-Site Request Forgery (CSRF)
Overview Affected versions of the fastify-csrf package are vulnerable to Cross-site Request Forgery CSRF. The generated cookie used insecure defaults, and did not have the httpOnly flag on: cookieOpts: path: '/', sameSite: true . Also, the CSRF token was available in the GET query parameter...
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
Overview Impact Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks...
Misinterpretation of malicious XML input
Overview Impact xmldom versions 0.6.0 and older do not correctly escape special characters when serializing elements removed from their ancestor. This may lead to unexpected syntactic changes during XML processing in some downstream applications. Patches Update to 0.7.0 see issue 271 for the stat...
Cross-site scripting in jspdf
Overview In jspdf before version 2.0.0 it is possible to inject JavaScript code via the html method. Recommendation Upgrade to version 2.0.0 or later References - CVE - GitHub Advisory...
Command injection in bestzip
Overview Affected versions of the package bestzip before 2.1.7 are vulnerable to Command Injection via the options param. Recommendation Upgrade to version 2.1.7 or later References - CVE - GitHub Advisory...
Arbitrary Code Execution
Overview The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Execution via the template function, particularly when a variable property is passed as an argument as it is not sanitized. Recommendation Upgrade to versions 1.12.1 or...
Downloads Resources over HTTP
Overview Affected versions of gfe-sass insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on...
Denial of Service
Overview css-what from version 4.0.0 and before version 5.0.1 does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input. Recommendation Upgrade to version 5.0.1 or later References - CVE - GitHub Advisory...
Injection and Command Injection in devcert
Overview A command injection vulnerability in the devcert module may lead to remote code execution when users of the module pass untrusted input to the certificateFor function. Recommendation Upgrade to version 1.1.2 or later References - CVE - GitHub Advisory...
Cross-Site Scripting
Overview A vulnerability in the HTML editor of Slab Quill allows an attacker to execute arbitrary JavaScript by storing an XSS payload a crafted onloadstart attribute of an IMG element in a text field. No patch exists and no further releases are planned. Recommendation Avoid using quill as there ...
Remote Code Execution
Overview Affected versions of angular-expressions are affected by a remote code execution vulnerability. Impact If you call expressions.compileuserControlledInput where userControlledInput is text that comes from user input you are potentially impacted. The security of the package could be bypass...
Regular Expression Denial of Service
Overview In affected versions of @ckeditor/ckeditor5-markdown-gfm a regular expression denial of service ReDoS vulnerability has been discovered. Impact The vulnerability allowed to abuse a link recognition regular expression, which could cause a significant performance drop resulting in a browse...
Hijacked Environment Variables
Overview The node-opencv package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real...
Directory Traversal
Overview Affected versions of 360class.jansenhm resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable...
Directory Traversal
Overview Affected versions of dcdcdcdcdc resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system...
Directory Traversal
Overview Affected versions of node-simple-router resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerabl...
Reflected XSS from the callback handler's error query parameter
Overview Overview @auth0/nextjs-auth0 versions before and including 1.4.1 are vulnerable to reflected XSS. An attacker can execute arbitrary code by providing an XSS payload in the error query parameter which is then processed by the callback handler as an error message. Am I affected? You are...
cookie tossing attack
Overview Users that used fastify-csrf with the "double submit" mechanism using cookies with an application deployed across multiple subdomains, e.g. "heroku"-style platform as a service. Recommendation Upgrade to version 3.1.0 or later References - CVE - GitHub Advisory...
Regular Expression Denial of Service
Overview The GitHub Security Lab team has identified potential security vulnerabilities in jquery-validation. The project contains one or more regular expressions that are vulnerable to ReDoS Regular Expression Denial of Service Recommendation Upgrade to fixed version 1.19.3 or later References -...
Directory Traversal
Overview Affected versions of iter-server resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable syste...
Code Execution by Re-enabling Node.js integration
Overview A vulnerability has been discovered which allows Node.js integration to be re-enabled in some Electron applications that disable it. For the application to be impacted by this vulnerability it must meet all of these conditions - Runs on Electron 1.7, 1.8, or a 2.0.0-beta - Allows executi...
Code Execution Through IIFE
Overview Affected versions of serialize-to-js may be vulnerable to arbitrary code execution through an Immediately Invoked Function Expression IIFE. Proof of Concept var payload = "e: function eval'console.logexploited' " var serialize = require'serialize-to-js'; serialize.deserializepayload;...
Sanitization bypass using HTML Entities
Overview Affected versions of marked are susceptible to a cross-site scripting vulnerability in link components when sanitize:true is configured. Proof of Concept This flaw exists because link URIs containing HTML entities get processed in an abnormal manner. Any HTML Entities get parsed on a...
Denial-of-Service Extended Event Loop Blocking
Overview Versions prior to 1.0.0 of qs are affected by a denial of service vulnerability that results from excessive recursion in parsing a deeply nested JSON string. Recommendation Update to version 1.0.0 or later References GitHub Advisory...