libxmljs provides libxml bindings for the V8 JavaScript engine. This affects all versions of package libxmljs. When invoking the libxmljs.parseXml function with a non-buffer argument, the V8 code will attempt to invoke the .toString method of the argument. I…
[dset] Prototype Pollution in dset
All versions of dset prior to 3.1.2 are vulnerable to Prototype Pollution via dset/merge mode, as the dset function checks for prototype pollution by validating if the top-level path contains __proto__, constructor or prototype. By crafting a malicious…
[materialize-css] materialize-css vulnerable to Cross-site Scripting (XSS) due to improper escape of user input
All versions of package materialize-css are vulnerable to Cross-site Scripting (XSS) due to improper escape of user input (such as <not-a-tag />) that is being parsed as HTML/JavaScript, and inserted into the Document Object Model (DOM). This vul…
[jsgui-lang-essentials] Prototype Pollution in jsgui-lang-essentials
All versions of package jsgui-lang-essentials are vulnerable to Prototype Pollution due to allowing all Object attributes to be altered, including their magical attributes such as __proto__, constructor and prototype.
References
https://nvd.nist.gov/vuln/…
[com.bstek.ureport:ureport2-console] Deserialization of Untrusted Data in com.bstek.ureport:ureport2-console
All versions of package com.bstek.ureport:ureport2-console are vulnerable to Remote Code Execution by connecting to a malicious database server, causing arbitrary file read and deserialization of local gadgets.
References
https://nvd.nist.gov/vuln/det…
[com.alibaba.oneagent:one-java-agent-plugin] Path Traversal in com.alibaba.oneagent:one-java-agent-plugin
All versions of package com.alibaba.oneagent:one-java-agent-plugin are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.exe). The attacker c…
[com.google.code.gson:gson] Deserialization of Untrusted Data in Gson
The package com.google.code.gson:gson before 2.8.9 is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to denial of service attacks.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-…
[org.geoserver:gs-main] GeoServer allows SSRF via the option for setting a proxy host
GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host.
References
https://nvd.nist.gov/vuln/detail/CVE-2021-40822
https://github.com/geoserver/geoserver/compare/2.19.2...2.19.3
https://github.com/geoser…
[github.com/hoppscotch/proxyscotch] ProxyScotch is vulnerable to Server-side Request Forgery (SSRF)
ProxyScotch is a simple proxy server created for hoppscotch.io. The package github.com/hoppscotch/proxyscotch before 1.0.0 is vulnerable to Server-side Request Forgery (SSRF) when interceptor mode is set to proxy. It occurs when an HTTP request is mad…
[angular] angular vulnerable to regular expression denial of service (ReDoS)
AngularJS lets users write client-side web applications. The package angular after 1.7.0 is vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repea…