LibreNMS v22.3.0 was discovered to contain multiple command injection vulnerabilities via the service_ip, hostname, and service_param parameters.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-29712
https://github.com/librenms/librenms/pull/1393…
A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted X-Forwarded-For request.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-29648
https://github.com/jflyfox/jfin…
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method
References
https://nvd.nist.gov/vuln/detail/CVE-2022-1929
https://…
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test() method
References
https://nvd.nist.gov/vuln/detail/CVE-2021-43307
https://re…
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the markdown-link-extractor npm package, when an attacker is able to supply arbitrary input to the module’s exported function
References
https://nvd.nist.gov/vuln/detail/C…
OS command injection vulnerability in Turistforeningen node-s3-uploader through 2.0.3 for Node.js allows attackers to execute arbitrary commands via the metadata() function.
References
https://nvd.nist.gov/vuln/detail/CVE-2021-34084
https://advisory.c…
OS Command Injection vulnerability in allenhwkim proctree through 0.1.1 and commit 0ac10ae575459457838f14e21d5996f2fa5c7593 for Node.js, allows attackers to execute arbitrary commands via the fix function.
References
https://nvd.nist.gov/vuln/detail/C…
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method
References
https://nvd.nist.gov/vuln/detail/CVE-2021-43306
https:/…
Google-it is a Node.js package which allows its users to send search queries to Google and receive the results in a JSON format. When using the ‘Open in browser’ option in versions up to 1.6.2, google-it will unsafely concat the result’s link retrieved…
OS Command Injection vulnerability in bbultman gitsome through 0.2.3 allows attackers to execute arbitrary commands via a crafted tag name of the target git repository.
References
https://nvd.nist.gov/vuln/detail/CVE-2021-34081
https://advisory.checkm…
