Lucene search

K

Nearform Security Vulnerabilities

cve
cve

CVE-2024-24556

urql is a GraphQL client that exposes a set of helpers for several frameworks. The @urql/next package is vulnerable to XSS. To exploit this an attacker would need to ensure that the response returns html tags and that the web-application is using streamed responses (non-RSC). This vulnerability...

7.2CVSS

6.2AI Score

0.0005EPSS

2024-01-30 06:15 PM
18
cve
cve

CVE-2023-48223

fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to version 3.3.2, the fast-jwt library does not properly prevent JWT algorithm confusion for all public key types. The 'publicKeyPemMatcher' in 'fast-jwt/src/crypto.js' does not properly match all common PEM formats for public keys.....

5.9CVSS

5.6AI Score

0.001EPSS

2023-11-20 06:15 PM
20