A vulnerability, which was classified as problematic, was found in yolapi. Affected is the function render_description of the file yolapi/pypi/metadata.py. The manipulation of the argument text leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is a0f...
6.1CVSS
6AI Score
0.001EPSS
All versions of package promisehelpers are vulnerable to Prototype Pollution via the insert function.
9.8CVSS
9.4AI Score
0.007EPSS