All versions of package easy-static-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code.
References
https://nvd.nist.gov/vuln/detail/CV…
All versions of package safe-eval are vulnerable to Prototype Pollution which allows an attacker to add or modify properties of the Object.prototype.Consolidate when using the function safeEval. This is because the function uses vm variable, leading an…
Apiman 1.5.7 through 2.2.3.Final has insufficient checks for read permissions within the Apiman Manager REST API. A malicious user may be able to find and subscribe to private APIs they do not have permission for, thus accessing API Management-protecte…
Knex Knex.js through 2.3.0 has a limited SQL injection vulnerability that can be exploited to ignore the WHERE clause of a SQL query. This vulnerability has been fixed in version 2.4.0.
References
https://nvd.nist.gov/vuln/detail/CVE-2016-20018
https:…
A vulnerability classified as problematic has been found in cgriego active_attr up to 0.15.3. This affects the function call of the file lib/active_attr/typecasting/boolean_typecaster.rb of the component Regex Handler. The manipulation of the argument …
A vulnerability, which was classified as problematic, has been found in UBI Reader up to 0.8.0. Affected by this issue is the function ubireader_extract_files of the file ubireader/ubifs/output.py of the component UBIFS File Handler. The manipulation l…
The Apache Bookkeeper Java Client (before 4.14.6 and also 4.15.0) does not close the connection to the bookkeeper server when TLS hostname verification fails. This leaves the bookkeeper client vulnerable to a man in the middle attack. The problem affec…
The package cycle-import-check before version 1.3.2 is vulnerable to Command Injection via the writeFileToTmpDirAndOpenIt function due to improper user-input sanitization.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-24377
https://github.com/S…
.NET Framework Remote Code Execution Vulnerability.
Dupe of GHSA-2c7v-qcjp-4mg2
References
https://nvd.nist.gov/vuln/detail/CVE-2022-41089
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41089
https://github.com/advisories…
Keycloak does not properly validate URLs included in a redirect. An attacker could construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain, or possibly conduct further attacks.
Re…
