2 matches found
CVE-2023-49210
The CVE-2023-49210 entry concerns the openssl (node-openssl) npm package up to version 2.0.0. A root cause is that the package’s opts argument contains a verb field that can be passed to exec, which enables arbitrary command execution. Multiple sources (Red Hat, Veracode, GHSA, OSV) describe this as a...
CVE-2017-16064
The CVE refers to the npm malware node-openssl, a malicious module published to hijack environment variables. Multiple sources confirm that the package stole environment variables and exfiltrated them to attacker-controlled locations, and that all versions have been unpublished from the npm regis...