31435 matches found
Malicious Package
Overview intquery is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious Package
Overview metrics-probe-88ad is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview metrics-probe-64b2 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview runtime-metrics-w7k2 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview metrics-probe-77d4 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview metrics-probe-f256 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview data-utils-d703 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview type-check-816d is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview string-tools-be6c is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview fmt-helpers-794b is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview metrics-pipeline-d8k2 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview metrics-probe-dc85 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview color-utils-dee0 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview @ncurran/dc-selftest-ba0ad4 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious Package
Overview @ncurran/sandbox-recon-sys-5b2c is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and th...
Malicious Package
Overview npm-sandbox-ping-c8f2a is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...
Malicious Package
Overview npm-sandbox-research-g3h4 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious Package
Overview npm-sandbox-research-d7e8 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious Package
Overview npm-sandbox-ping-r9t2 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview npm-sandbox-research-c5d6 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious Package
Overview npm-sandbox-research-8b2f is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious Package
Overview postinstall-logger-7x9z is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...
Malicious Package
Overview @ncurran/sandbox-recon-sys-5f1b is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and th...
Malicious Package
Overview @ncurran/sandbox-recon-880538 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious Package
Overview @ncurran/dc-selftest-33afb7 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious Package
Overview @ncurran/sandbox-recon-sys-6a3f is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and th...
Malicious Package
Overview @ncurran/sandbox-recon-7c4e1a is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious Package
Overview @ncurran/sandbox-recon-uac-4e7c is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and th...
Malicious Package
Overview npm-sandbox-research-a1b2 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious Package
Overview npm-sandbox-research-9c4e is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious Package
Overview npm-sandbox-research-f1g2 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious Package
Overview npm-sandbox-research-e9f0 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious Package
Overview @ncurran/sandbox-recon-9b2d4f is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
Malicious Package
Overview pkg-telemetry-r4f9 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Credential Exposure
Overview Affected versions of this package are vulnerable to Credential Exposure due to an incorrect transformation string in the encryption configuration process. An attacker can compromise the confidentiality of encrypted data by exploiting the unintended use of weaker padding when OAEP is...
Authentication Bypass Using an Alternate Path or Channel
Overview Steeltoe.Management.Endpoint is a package that provides building blocks for development of .NET applications that integrate with Spring and Spring Boot environments, as well as Cloud Foundry and Kubernetes with first-party support for Tanzu. Affected versions of this package are vulnerab...
Cleartext Storage of Sensitive Information
Overview Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information in the process that handles service bindings from VCAPSERVICES containing TLS client credentials. An attacker can access sensitive private key material by reading temporary files created with...
Authentication Bypass Using an Alternate Path or Channel
Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the middleware responsible for access restriction, which relies on the Host HTTP header rather than the actual network socket port. An attacker can gain unauthorized access to...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the deserialization process of RFC7797 JWS payloads with b64=false. An attacker can cause resource exhaustion by submitting a payload that exceeds the intended size limits, bypassi...
Improper Privilege Management
Overview Steeltoe.Management.Endpoint is a package that provides building blocks for development of .NET applications that integrate with Spring and Spring Boot environments, as well as Cloud Foundry and Kubernetes with first-party support for Tanzu. Affected versions of this package are vulnerab...
Improper Privilege Management
Overview Affected versions of this package are vulnerable to Improper Privilege Management in the permission enforcement process for sensitive actuator endpoints such as heapdump, env, and threaddump. An attacker can access sensitive application data by authenticating with only restricted...
Exposure of Resource to Wrong Sphere
Overview Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere in the TokenKeyResolver function. An attacker can bypass authentication and gain unauthorized access by exploiting the shared static JWKS cache across multiple schemes, allowing a key fetched for one...
Exposure of Resource to Wrong Sphere
Overview Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere in the TokenKeyResolver function. An attacker can bypass authentication and gain unauthorized access by exploiting the shared static JWKS cache across multiple schemes, allowing a key fetched for one...
Cleartext Transmission of Sensitive Information
Overview Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information in the Sanitizer function of the Environment actuator, which fails to redact sensitive information from configuration keys matching standard .NET patterns such as ConnectionStrings: or...
Cleartext Transmission of Sensitive Information
Overview Steeltoe.Management.Endpoint is a package that provides building blocks for development of .NET applications that integrate with Spring and Spring Boot environments, as well as Cloud Foundry and Kubernetes with first-party support for Tanzu. Affected versions of this package are vulnerab...
XML External Entity (XXE) Injection
Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection through the saxonTransform function that uses unhardened net.sf.saxon.TransformerFactoryImpl method. An attacker can access sensitive local files or trigger arbitrary HTTPS requests from the host by...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the matches function in the FHIRPathEngine. An attacker can exhaust system resources and cause service disruption by submitting specially crafted regular expressions that trigger excessive...
Directory Traversal
Overview com.github.jknack:handlebars is an extension to the Mustache templating language. Affected versions of this package are vulnerable to Directory Traversal via the getResource function in FileTemplateLoader. An attacker can access arbitrary files on the server by supplying crafted template...
LDAP Injection
Overview org.apache.shiro:shiro-core is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. Affected versions of this package are vulnerable to LDAP Injection in the DefaultLdapRealm class. An attacker can bypass...
Permissive List of Allowed Inputs
Overview org.webjars.npm:undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Permissive List of Allowed Inputs via permissive substring matching in the Set-Cookie attribute parsing. An attacker can weaken cookie SameSite enforcemen...