mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
- Synchronized data.
This commit is contained in:
CVE Team
parent
a839ac6a2c
commit
804a10ba44
@ -35,7 +35,7 @@
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "The npm-test-sqlite3-trunk module provides asynchronous, non-blocking SQLite3 bindings npm-test-sqlite3-trunk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server."
|
||||
"value" : "The npm-test-sqlite3-trunk module provides asynchronous, non-blocking SQLite3 bindings. npm-test-sqlite3-trunk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -54,6 +54,8 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://nodesecurity.io/advisories/297",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://nodesecurity.io/advisories/297"
|
||||
}
|
||||
]
|
||||
|
||||
@ -35,7 +35,7 @@
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "windows-latestchromedriver downloads the latest version of chromedriver.exe windows-latestchromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server."
|
||||
"value" : "windows-latestchromedriver downloads the latest version of chromedriver.exe. windows-latestchromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -54,6 +54,8 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://nodesecurity.io/advisories/295",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://nodesecurity.io/advisories/295"
|
||||
}
|
||||
]
|
||||
|
||||
@ -35,7 +35,7 @@
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "react-native-baidu-voice-synthesizer is a baidu voice speech synthesizer for react native react-native-baidu-voice-synthesizer downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server."
|
||||
"value" : "react-native-baidu-voice-synthesizer is a baidu voice speech synthesizer for react native. react-native-baidu-voice-synthesizer downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -54,6 +54,8 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://nodesecurity.io/advisories/302",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://nodesecurity.io/advisories/302"
|
||||
}
|
||||
]
|
||||
|
||||
@ -35,7 +35,7 @@
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "An exploitable out of bounds write vulnerability exists in the parsing of ELF Section Headers of Hopper App. A specially crafted ELF file can cause attacker controlled pointer arithmetic resulting in a partially controlled out of bounds write. An attacker can craft an ELF file with sepecific section headers to trigger this vulnerability."
|
||||
"value" : "An exploitable out of bounds write vulnerability exists in the parsing of ELF Section Headers of Hopper Dissassembler 3.11.20. A specially crafted ELF file can cause attacker controlled pointer arithmetic resulting in a partially controlled out of bounds write. An attacker can craft an ELF file with specific section headers to trigger this vulnerability."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -54,6 +54,8 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0222",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0222"
|
||||
}
|
||||
]
|
||||
|
||||
@ -54,9 +54,13 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://github.com/guardian/html-janitor/issues/35",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://github.com/guardian/html-janitor/issues/35"
|
||||
},
|
||||
{
|
||||
"name" : "https://hackerone.com/reports/308158",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://hackerone.com/reports/308158"
|
||||
}
|
||||
]
|
||||
|
||||
@ -54,6 +54,8 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://hackerone.com/reports/296282",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://hackerone.com/reports/296282"
|
||||
}
|
||||
]
|
||||
|
||||
@ -54,9 +54,13 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://github.com/guardian/html-janitor/issues/34",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://github.com/guardian/html-janitor/issues/34"
|
||||
},
|
||||
{
|
||||
"name" : "https://hackerone.com/reports/308155",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://hackerone.com/reports/308155"
|
||||
}
|
||||
]
|
||||
|
||||
@ -35,7 +35,7 @@
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Http-signature is a \"Reference implementation of Joyent's HTTP Signature Scheme\". In versions <=0.9.11, http-signature signs only the header values, but not the header names. This makes http-signature vulnerable to header forgery. Thus, if an attacker can intercept a request, he can swap header names and change the meaning of the request without changing the signature. For this example request: ``` POST /pay HTTP/1.1 Host: example.com Date: Thu, 05 Jan 2012 21:31:40 GMT X-Payment-Source: src@money.com X-Payment-Destination: dst@money.com Authorization: Signature keyId=\"Test\",algorithm=\"rsa-sha256\",headers=\"x-payment-source x-payment-destination\" MDyO5tSvin5... ``` The request can be changed to have the following: ``` X-Payment-Source: dst@money.com // Emails switched X-Payment-Destination: src@money.com Authorization: Signature keyId=\"Test\",algorithm=\"rsa-sha256\",headers=\"x-payment-destination x-payment-source\" MDyO5tSvin5... ``` and both would be signed: ``` src@money.com dst@money.com ```"
|
||||
"value" : "Http-signature is a \"Reference implementation of Joyent's HTTP Signature Scheme\". In versions <=0.9.11, http-signature signs only the header values, but not the header names. This makes http-signature vulnerable to header forgery. Thus, if an attacker can intercept a request, he can swap header names and change the meaning of the request without changing the signature."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -54,9 +54,13 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://github.com/joyent/node-http-signature/issues/10",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://github.com/joyent/node-http-signature/issues/10"
|
||||
},
|
||||
{
|
||||
"name" : "https://nodesecurity.io/advisories/318",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://nodesecurity.io/advisories/318"
|
||||
}
|
||||
]
|
||||
|
||||
@ -35,7 +35,7 @@
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Remarkable is a markdown parser. In versions 1.6.2 and lower, remarkable allows the use of `data:` URIs. After the markdown `[link](data:text/html,<script>alert('0')</script>)` is rendered, the script will run when clicked."
|
||||
"value" : "Remarkable is a markdown parser. In versions 1.6.2 and lower, remarkable allows the use of `data:` URIs in links and can therefore execute javascript."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -54,9 +54,13 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://github.com/jonschlinkert/remarkable/issues/227",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://github.com/jonschlinkert/remarkable/issues/227"
|
||||
},
|
||||
{
|
||||
"name" : "https://nodesecurity.io/advisories/319",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://nodesecurity.io/advisories/319"
|
||||
}
|
||||
]
|
||||
|
||||
@ -54,16 +54,24 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://blog.intothesymmetry.com/2017/03/critical-vulnerability-in-json-web.html",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://blog.intothesymmetry.com/2017/03/critical-vulnerability-in-json-web.html"
|
||||
},
|
||||
{
|
||||
"name" : "https://gist.github.com/asanso/fa25685348051ef6a28d49aa0f27a4ae",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://gist.github.com/asanso/fa25685348051ef6a28d49aa0f27a4ae"
|
||||
},
|
||||
{
|
||||
"name" : "https://github.com/cisco/node-jose",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://github.com/cisco/node-jose"
|
||||
},
|
||||
{
|
||||
"name" : "https://nodesecurity.io/advisories/324",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://nodesecurity.io/advisories/324"
|
||||
},
|
||||
{
|
||||
"url" : "https://gist.github.com/asanso/fa25685348051ef6a28d49aa0f27a4ae"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -35,7 +35,7 @@
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "i18next is a language translation framework. Because of how the interpolation is implemented, making replacements from the dictionary one at a time, untrusted user input can use the name of one of the dictionary keys to inject script into the browser. Example: ``` var init = i18n.init({debug: true}, function(){ var test = i18n.t('__firstName__ __lastName__', { escapeInterpolation: true, firstName: '__lastNameHTML__', lastName: '<script>', }); console.log(test); }); // equals \"<script> <script>\" ```"
|
||||
"value" : "i18next is a language translation framework. Because of how the interpolation is implemented, making replacements from the dictionary one at a time, untrusted user input can use the name of one of the dictionary keys to inject script into the browser. This affects i18next <=1.10.2."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -54,9 +54,13 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://github.com/i18next/i18next/pull/443",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://github.com/i18next/i18next/pull/443"
|
||||
},
|
||||
{
|
||||
"name" : "https://nodesecurity.io/advisories/325",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://nodesecurity.io/advisories/325"
|
||||
}
|
||||
]
|
||||
|
||||
@ -54,13 +54,19 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://github.com/ceolter/ag-grid/issues/1287",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://github.com/ceolter/ag-grid/issues/1287"
|
||||
},
|
||||
{
|
||||
"url" : "https://spring.io/blog/2016/01/28/angularjs-escaping-the-expression-sandbox-for-xss"
|
||||
"name" : "https://nodesecurity.io/advisories/327",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://nodesecurity.io/advisories/327"
|
||||
},
|
||||
{
|
||||
"url" : "https://nodesecurity.io/advisories/327"
|
||||
"name" : "https://spring.io/blog/2016/01/28/angularjs-escaping-the-expression-sandbox-for-xss",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://spring.io/blog/2016/01/28/angularjs-escaping-the-expression-sandbox-for-xss"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -35,7 +35,7 @@
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "jQuery is a javascript library for DOM manipulation. jQuery's main method in affected versions contains an unreliable way of detecting whether the input to the `jQuery(strInput)` function is intended to be a selector or HTML. For example, this code would be parsed as a selector, executing the code in the `onerror` attribute: ``` $(\"#log\").html( $(\"element[attribute='<img src=\\\"x\\\" onerror=\\\"alert(1)\\\" />']\").html() ); ``` The fix in v1.9.0 updates a regular expression for detecting whether the input is HTML or a selector. HTML input must now explicitly start with `<`, rather than previously assuming that the input was HTML if the string contained `<` anywhere."
|
||||
"value" : "jQuery is a javascript library for DOM manipulation. jQuery's main method in affected versions (>=1.7.1 <=1.8.3) contains an unreliable way of detecting whether the input to the `jQuery(strInput)` function is intended to be a selector or HTML."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -54,18 +54,28 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://bugs.jquery.com/ticket/11290",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://bugs.jquery.com/ticket/11290"
|
||||
},
|
||||
{
|
||||
"url" : "https://bugs.jquery.com/ticket/6429"
|
||||
},
|
||||
{
|
||||
"url" : "https://bugs.jquery.com/ticket/9521"
|
||||
},
|
||||
{
|
||||
"name" : "https://bugs.jquery.com/ticket/12531",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://bugs.jquery.com/ticket/12531"
|
||||
},
|
||||
{
|
||||
"name" : "https://bugs.jquery.com/ticket/6429",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://bugs.jquery.com/ticket/6429"
|
||||
},
|
||||
{
|
||||
"name" : "https://bugs.jquery.com/ticket/9521",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://bugs.jquery.com/ticket/9521"
|
||||
},
|
||||
{
|
||||
"name" : "https://nodesecurity.io/advisories/329",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://nodesecurity.io/advisories/329"
|
||||
}
|
||||
]
|
||||
|
||||
@ -35,7 +35,7 @@
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Jquery is a javascript library for DOM traversal and manipulation, event handling, animation, and Ajax. When text/javascript responses are received from cross-origin ajax requests not containing the option `dataType`, the result is executed in `jQuery.globalEval` potentially allowing an attacker to execute arbitrary code on the origin."
|
||||
"value" : "Jquery is a javascript library for DOM traversal and manipulation, event handling, animation, and Ajax. When text/javascript responses are received from cross-origin ajax requests not containing the option `dataType`, the result is executed in `jQuery.globalEval` potentially allowing an attacker to execute arbitrary code on the origin. This affects Jquery >=1.4.0 <=1.11.3 || >=1.12.4 <=2.2.4."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -54,12 +54,18 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"url" : "https://github.com/jquery/jquery/issues/2432"
|
||||
},
|
||||
{
|
||||
"name" : "https://github.com/jquery/jquery/commit/b078a62013782c7424a4a61a240c23c4c0b42614)",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://github.com/jquery/jquery/commit/b078a62013782c7424a4a61a240c23c4c0b42614)"
|
||||
},
|
||||
{
|
||||
"name" : "https://github.com/jquery/jquery/issues/2432",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://github.com/jquery/jquery/issues/2432"
|
||||
},
|
||||
{
|
||||
"name" : "https://nodesecurity.io/advisories/328",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://nodesecurity.io/advisories/328"
|
||||
}
|
||||
]
|
||||
|
||||
@ -35,7 +35,7 @@
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "hapi is a web and services application framework. When hapi encounters a malformed `accept-encoding` header an uncaught exception is thrown. This may cause hapi to crash or to hang the client connection until the timeout period is reached."
|
||||
"value" : "hapi is a web and services application framework. When hapi >= 15.0.0 <= 16.1.0 encounters a malformed `accept-encoding` header an uncaught exception is thrown. This may cause hapi to crash or to hang the client connection until the timeout period is reached."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -54,9 +54,13 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://github.com/hapijs/hapi/issues/3466",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://github.com/hapijs/hapi/issues/3466"
|
||||
},
|
||||
{
|
||||
"name" : "https://nodesecurity.io/advisories/335",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://nodesecurity.io/advisories/335"
|
||||
}
|
||||
]
|
||||
|
||||
@ -54,9 +54,13 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://github.com/nodejitsu/node-http-proxy/pull/101",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://github.com/nodejitsu/node-http-proxy/pull/101"
|
||||
},
|
||||
{
|
||||
"name" : "https://nodesecurity.io/advisories/323",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://nodesecurity.io/advisories/323"
|
||||
}
|
||||
]
|
||||
|
||||
@ -54,9 +54,13 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://github.com/caolan/forms/commit/bc01e534a0ff863dedb2026a50bd03153bbc6a5d",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://github.com/caolan/forms/commit/bc01e534a0ff863dedb2026a50bd03153bbc6a5d"
|
||||
},
|
||||
{
|
||||
"name" : "https://nodesecurity.io/advisories/158",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://nodesecurity.io/advisories/158"
|
||||
}
|
||||
]
|
||||
|
||||
@ -54,12 +54,18 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"url" : "https://github.com/punkave/sanitize-html/issues/100"
|
||||
},
|
||||
{
|
||||
"name" : "https://github.com/punkave/sanitize-html/commit/5d205a1005ba0df80e21d8c64a15bb3accdb2403",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://github.com/punkave/sanitize-html/commit/5d205a1005ba0df80e21d8c64a15bb3accdb2403"
|
||||
},
|
||||
{
|
||||
"name" : "https://github.com/punkave/sanitize-html/issues/100",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://github.com/punkave/sanitize-html/issues/100"
|
||||
},
|
||||
{
|
||||
"name" : "https://nodesecurity.io/advisories/154",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://nodesecurity.io/advisories/154"
|
||||
}
|
||||
]
|
||||
|
||||
@ -35,7 +35,7 @@
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "sanitize-html is a library for scrubbing html input for malicious values Versions 1.2.2 and below have a cross site scripting vulnerability under certain scenarios: Entering the following: `<IMG SRC= onmouseover=\"alert('XSS');\">` produces the following: `<img src=\"onmouseover=\"alert('XSS');\"\" />` This is definitely invalid HTML, but would suggest that it's being interpreted incorrectly by the parser."
|
||||
"value" : "sanitize-html is a library for scrubbing html input for malicious values Versions 1.2.2 and below have a cross site scripting vulnerability."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -54,12 +54,18 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://github.com/punkave/sanitize-html/issues/19",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://github.com/punkave/sanitize-html/issues/19"
|
||||
},
|
||||
{
|
||||
"name" : "https://github.com/punkave/sanitize-html/pull/20",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://github.com/punkave/sanitize-html/pull/20"
|
||||
},
|
||||
{
|
||||
"name" : "https://nodesecurity.io/advisories/155",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://nodesecurity.io/advisories/155"
|
||||
}
|
||||
]
|
||||
|
||||
@ -35,7 +35,7 @@
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Restify is a framework for building REST APIs. Using URL encoded script tags in a non-existent URL, an attacker can get script to run in some browsers. For example, for the URL `https://localhost:3000/no5_such3_file7.pl?%22%3E%3Cscript%3Ealert(73541);%3C/script%3E` restify will return `<script>alert(73541);</script>` as part of the response, and in some browsers will run."
|
||||
"value" : "Restify is a framework for building REST APIs. Restify >=2.0.0 <=4.0.4 using URL encoded script tags in a non-existent URL, an attacker can get script to run in some browsers."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -54,9 +54,13 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://github.com/restify/node-restify/issues/1018",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://github.com/restify/node-restify/issues/1018"
|
||||
},
|
||||
{
|
||||
"name" : "https://nodesecurity.io/advisories/314",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://nodesecurity.io/advisories/314"
|
||||
}
|
||||
]
|
||||
|
||||
@ -35,7 +35,7 @@
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "GitBook is a command line tool (and Node.js library) for building beautiful books using GitHub/Git and Markdown (or AsciiDoc). Stored Cross-Site-Scripting (XSS) is possible by including code outside of backticks in any ebook. This code will be executed on the online reader."
|
||||
"value" : "GitBook is a command line tool (and Node.js library) for building beautiful books using GitHub/Git and Markdown (or AsciiDoc). Stored Cross-Site-Scripting (XSS) is possible in GitBook before 3.2.2 by including code outside of backticks in any ebook. This code will be executed on the online reader."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -54,9 +54,13 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://github.com/GitbookIO/gitbook/issues/1609",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://github.com/GitbookIO/gitbook/issues/1609"
|
||||
},
|
||||
{
|
||||
"name" : "https://nodesecurity.io/advisories/159",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://nodesecurity.io/advisories/159"
|
||||
}
|
||||
]
|
||||
|
||||
@ -35,7 +35,7 @@
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Summit is a node web framework. When using the PouchDB driver in the module, an attacker can execute arbitrary commands via the collection name."
|
||||
"value" : "Summit is a node web framework. When using the PouchDB driver in the module, Summit 0.1.0 and later allows an attacker to execute arbitrary commands via the collection name."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -54,9 +54,13 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://github.com/notduncansmith/summit/issues/23",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://github.com/notduncansmith/summit/issues/23"
|
||||
},
|
||||
{
|
||||
"name" : "https://nodesecurity.io/advisories/315",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://nodesecurity.io/advisories/315"
|
||||
}
|
||||
]
|
||||
|
||||
@ -35,7 +35,7 @@
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "uri-js is a module that tries to fully implement RFC 3986. One of these features is validating whether or not a supplied URL is valid or not. To do this, uri-js uses a regular expression, This regular expression is vulnerable to redos. This causes the program to hang and the CPU to idle at 100% usage while uri-js is trying to validate if the supplied URL is valid or not. To check if you're vulnerable, look for a call to `require(\"uri-js\").parse()` where a user is able to send their own input."
|
||||
"value" : "uri-js is a module that tries to fully implement RFC 3986. One of these features is validating whether or not a supplied URL is valid or not. To do this, uri-js uses a regular expression, This regular expression is vulnerable to redos. This causes the program to hang and the CPU to idle at 100% usage while uri-js is trying to validate if the supplied URL is valid or not. To check if you're vulnerable, look for a call to `require(\"uri-js\").parse()` where a user is able to send their own input. This affects uri-js 2.1.1 and earlier."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -54,9 +54,13 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://github.com/garycourt/uri-js/issues/12",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://github.com/garycourt/uri-js/issues/12"
|
||||
},
|
||||
{
|
||||
"name" : "https://nodesecurity.io/advisories/100",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://nodesecurity.io/advisories/100"
|
||||
}
|
||||
]
|
||||
|
||||
@ -35,7 +35,7 @@
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Morris.js creates an svg graph, with labels that appear when hovering over a point. The hovering label names are not escaped. If control over the labels is obtained, script can be injected. The script will run on the client side whenever that specific graph is loaded."
|
||||
"value" : "Morris.js creates an svg graph, with labels that appear when hovering over a point. The hovering label names are not escaped in versions 0.5.0 and earlier. If control over the labels is obtained, script can be injected. The script will run on the client side whenever that specific graph is loaded."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -54,9 +54,13 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://github.com/morrisjs/morris.js/pull/464",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://github.com/morrisjs/morris.js/pull/464"
|
||||
},
|
||||
{
|
||||
"name" : "https://nodesecurity.io/advisories/307",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://nodesecurity.io/advisories/307"
|
||||
}
|
||||
]
|
||||
|
||||
@ -35,7 +35,7 @@
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Decamelize is used to convert a dash/dot/underscore/space separated string to camelCase. Decamelize uses regular expressions to evaluate a string and takes unescaped separator values, which can be used to create a denial of service attack."
|
||||
"value" : "Decamelize is used to convert a dash/dot/underscore/space separated string to camelCase. Decamelize 1.1.0 through 1.1.1 uses regular expressions to evaluate a string and takes unescaped separator values, which can be used to create a denial of service attack."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -54,9 +54,13 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://github.com/sindresorhus/decamelize/issues/5",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://github.com/sindresorhus/decamelize/issues/5"
|
||||
},
|
||||
{
|
||||
"name" : "https://nodesecurity.io/advisories/308",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://nodesecurity.io/advisories/308"
|
||||
}
|
||||
]
|
||||
|
||||
@ -54,16 +54,24 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"url" : "https://github.com/gvarsanyi/sync-exec/issues/17"
|
||||
},
|
||||
{
|
||||
"name" : "https://cwe.mitre.org/data/definitions/377.html",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://cwe.mitre.org/data/definitions/377.html"
|
||||
},
|
||||
{
|
||||
"url" : "https://www.owasp.org/index.php/Insecure_Temporary_File"
|
||||
"name" : "https://github.com/gvarsanyi/sync-exec/issues/17",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://github.com/gvarsanyi/sync-exec/issues/17"
|
||||
},
|
||||
{
|
||||
"name" : "https://nodesecurity.io/advisories/310",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://nodesecurity.io/advisories/310"
|
||||
},
|
||||
{
|
||||
"name" : "https://www.owasp.org/index.php/Insecure_Temporary_File",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://www.owasp.org/index.php/Insecure_Temporary_File"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
@ -54,12 +54,18 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"url" : "https://github.com/hapijs/nes/issues/171"
|
||||
},
|
||||
{
|
||||
"name" : "https://github.com/hapijs/nes/commit/249ba1755ed6977fbc208463c87364bf884ad655",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://github.com/hapijs/nes/commit/249ba1755ed6977fbc208463c87364bf884ad655"
|
||||
},
|
||||
{
|
||||
"name" : "https://github.com/hapijs/nes/issues/171",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://github.com/hapijs/nes/issues/171"
|
||||
},
|
||||
{
|
||||
"name" : "https://nodesecurity.io/advisories/331",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://nodesecurity.io/advisories/331"
|
||||
}
|
||||
]
|
||||
|
||||
@ -35,7 +35,7 @@
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Request is an http client. If a request is made using ```multipart```, and the body type is a ```number```, then the specified number of non-zero memory is passed in the body."
|
||||
"value" : "Request is an http client. If a request is made using ```multipart```, and the body type is a ```number```, then the specified number of non-zero memory is passed in the body. This affects Request >=2.2.6 <2.47.0 || >2.51.0 <=2.67.0."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -54,12 +54,18 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"url" : "https://github.com/request/request/pull/2018"
|
||||
},
|
||||
{
|
||||
"name" : "https://github.com/request/request/issues/1904",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://github.com/request/request/issues/1904"
|
||||
},
|
||||
{
|
||||
"name" : "https://github.com/request/request/pull/2018",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://github.com/request/request/pull/2018"
|
||||
},
|
||||
{
|
||||
"name" : "https://nodesecurity.io/advisories/309",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://nodesecurity.io/advisories/309"
|
||||
}
|
||||
]
|
||||
|
||||
@ -54,9 +54,13 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://github.com/tableflip/react-native-meteor-oauth/blob/a7eb738b74c469f5db20296b44b7cae4e2337435/src/meteor-oauth.js#L66",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://github.com/tableflip/react-native-meteor-oauth/blob/a7eb738b74c469f5db20296b44b7cae4e2337435/src/meteor-oauth.js#L66"
|
||||
},
|
||||
{
|
||||
"name" : "https://nodesecurity.io/advisories/157",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://nodesecurity.io/advisories/157"
|
||||
}
|
||||
]
|
||||
|
||||
@ -35,7 +35,7 @@
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "hostr is a simple web server that serves up the contents of the current directory. There is a directory traversal vulnerability in hostr that allows an attacker to read files outside the current directory by sending `../` in the url path for GET requests."
|
||||
"value" : "hostr is a simple web server that serves up the contents of the current directory. There is a directory traversal vulnerability in hostr 2.3.5 and earlier that allows an attacker to read files outside the current directory by sending `../` in the url path for GET requests."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -54,9 +54,13 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://github.com/henrytseng/hostr/issues/8",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://github.com/henrytseng/hostr/issues/8"
|
||||
},
|
||||
{
|
||||
"name" : "https://nodesecurity.io/advisories/303",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://nodesecurity.io/advisories/303"
|
||||
}
|
||||
]
|
||||
|
||||
@ -35,7 +35,7 @@
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Useragent is used to parse useragent headers. It uses several regular expressions to accomplish this. An attacker could edit their own headers, creating an arbitrarily long useragent string, causing the event loop and server to block. Proof of Concept: ``` var useragent = require('useragent'); var badUserAgent = 'MSIE 0.0'+Array(900000).join('0')+'XBLWP'; var request = 'GET / HTTP/1.1\\r User-Agent: ' + badUserAgent + '\\r \\r '; console.log(useragent.parse(request)); ```"
|
||||
"value" : "Useragent is used to parse useragent headers. It uses several regular expressions to accomplish this. An attacker could edit their own headers, creating an arbitrarily long useragent string, causing the event loop and server to block. This affects Useragent 2.1.12 and earlier."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -54,6 +54,8 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://nodesecurity.io/advisories/312",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://nodesecurity.io/advisories/312"
|
||||
}
|
||||
]
|
||||
|
||||
@ -35,7 +35,7 @@
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Socket.io is a realtime application framework that provides communication via websockets. Because socket.io depends on `Math.random()` to create socket IDs, the IDs are predictable. An attacker is able to guess the socket ID and gain access to socket.io servers, potentially obtaining sensitive information."
|
||||
"value" : "Socket.io is a realtime application framework that provides communication via websockets. Because socket.io 0.9.6 and earlier depends on `Math.random()` to create socket IDs, the IDs are predictable. An attacker is able to guess the socket ID and gain access to socket.io servers, potentially obtaining sensitive information."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -54,15 +54,23 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"url" : "https://github.com/socketio/socket.io/issues/856"
|
||||
},
|
||||
{
|
||||
"url" : "https://github.com/socketio/socket.io/pull/857"
|
||||
},
|
||||
{
|
||||
"name" : "https://github.com/socketio/socket.io/commit/67b4eb9abdf111dfa9be4176d1709374a2b4ded8",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://github.com/socketio/socket.io/commit/67b4eb9abdf111dfa9be4176d1709374a2b4ded8"
|
||||
},
|
||||
{
|
||||
"name" : "https://github.com/socketio/socket.io/issues/856",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://github.com/socketio/socket.io/issues/856"
|
||||
},
|
||||
{
|
||||
"name" : "https://github.com/socketio/socket.io/pull/857",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://github.com/socketio/socket.io/pull/857"
|
||||
},
|
||||
{
|
||||
"name" : "https://nodesecurity.io/advisories/321",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://nodesecurity.io/advisories/321"
|
||||
}
|
||||
]
|
||||
|
||||
@ -54,6 +54,8 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://nodesecurity.io/advisories/334",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://nodesecurity.io/advisories/334"
|
||||
}
|
||||
]
|
||||
|
||||
@ -54,9 +54,13 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/badjs-sourcemap-server",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/badjs-sourcemap-server"
|
||||
},
|
||||
{
|
||||
"name" : "https://nodesecurity.io/advisories/349",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://nodesecurity.io/advisories/349"
|
||||
}
|
||||
]
|
||||
|
||||
@ -54,9 +54,13 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/gomeplus-h5-proxy",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/gomeplus-h5-proxy"
|
||||
},
|
||||
{
|
||||
"name" : "https://nodesecurity.io/advisories/350",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://nodesecurity.io/advisories/350"
|
||||
}
|
||||
]
|
||||
|
||||
@ -35,7 +35,7 @@
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "`f2e-server` is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url. This is compounded by `f2e-server` requiring elevated privileges to run."
|
||||
"value" : "`f2e-server` 1.12.11 and earlier is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url. This is compounded by `f2e-server` requiring elevated privileges to run."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -54,12 +54,18 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://github.com/shy2850/node-server/issues/10",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://github.com/shy2850/node-server/issues/10"
|
||||
},
|
||||
{
|
||||
"name" : "https://github.com/shy2850/node-server/pull/12/files",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://github.com/shy2850/node-server/pull/12/files"
|
||||
},
|
||||
{
|
||||
"name" : "https://nodesecurity.io/advisories/346",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://nodesecurity.io/advisories/346"
|
||||
}
|
||||
]
|
||||
|
||||
@ -54,9 +54,13 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/hftp",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/hftp"
|
||||
},
|
||||
{
|
||||
"name" : "https://nodesecurity.io/advisories/384",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://nodesecurity.io/advisories/384"
|
||||
}
|
||||
]
|
||||
|
||||
@ -54,6 +54,8 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://nodesecurity.io/advisories/291",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://nodesecurity.io/advisories/291"
|
||||
}
|
||||
]
|
||||
|
||||
@ -54,6 +54,8 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://nodesecurity.io/advisories/249",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://nodesecurity.io/advisories/249"
|
||||
}
|
||||
]
|
||||
|
||||
@ -35,7 +35,7 @@
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Growl adds growl notification support to nodejs. Growl does not properly sanitize input before passing it to exec, allowing for arbitrary command execution."
|
||||
"value" : "Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -54,12 +54,18 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://github.com/tj/node-growl/issues/60",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://github.com/tj/node-growl/issues/60"
|
||||
},
|
||||
{
|
||||
"name" : "https://github.com/tj/node-growl/pull/61",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://github.com/tj/node-growl/pull/61"
|
||||
},
|
||||
{
|
||||
"name" : "https://nodesecurity.io/advisories/146",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://nodesecurity.io/advisories/146"
|
||||
}
|
||||
]
|
||||
|
||||
@ -35,7 +35,7 @@
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Shout is an IRC client. Because the `/topic` command in messages is unescaped, attackers have the ability to inject HTML scripts that will run in the victim's browser."
|
||||
"value" : "Shout is an IRC client. Because the `/topic` command in messages is unescaped, attackers have the ability to inject HTML scripts that will run in the victim's browser. Affects shout >=0.44.0 <=0.49.3."
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -54,9 +54,13 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://github.com/erming/shout/pull/344",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://github.com/erming/shout/pull/344"
|
||||
},
|
||||
{
|
||||
"name" : "https://nodesecurity.io/advisories/322",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://nodesecurity.io/advisories/322"
|
||||
}
|
||||
]
|
||||
|
||||
@ -54,6 +54,8 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://nodesecurity.io/advisories/497",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://nodesecurity.io/advisories/497"
|
||||
}
|
||||
]
|
||||
|
||||
@ -54,6 +54,8 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://nodesecurity.io/advisories/496",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://nodesecurity.io/advisories/496"
|
||||
}
|
||||
]
|
||||
|
||||
@ -54,6 +54,8 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://nodesecurity.io/advisories/495",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://nodesecurity.io/advisories/495"
|
||||
}
|
||||
]
|
||||
|
||||
@ -54,6 +54,8 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://nodesecurity.io/advisories/493",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://nodesecurity.io/advisories/493"
|
||||
}
|
||||
]
|
||||
|
||||
@ -54,6 +54,8 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://nodesecurity.io/advisories/492",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://nodesecurity.io/advisories/492"
|
||||
}
|
||||
]
|
||||
|
||||
@ -54,6 +54,8 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://nodesecurity.io/advisories/491",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://nodesecurity.io/advisories/491"
|
||||
}
|
||||
]
|
||||
|
||||
@ -54,6 +54,8 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://nodesecurity.io/advisories/490",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://nodesecurity.io/advisories/490"
|
||||
}
|
||||
]
|
||||
|
||||
@ -54,6 +54,8 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://nodesecurity.io/advisories/489",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://nodesecurity.io/advisories/489"
|
||||
}
|
||||
]
|
||||
|
||||
@ -54,6 +54,8 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://nodesecurity.io/advisories/487",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://nodesecurity.io/advisories/487"
|
||||
}
|
||||
]
|
||||
|
||||
@ -54,6 +54,8 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://nodesecurity.io/advisories/488",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://nodesecurity.io/advisories/488"
|
||||
}
|
||||
]
|
||||
|
||||
@ -54,6 +54,8 @@
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://nodesecurity.io/advisories/486",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://nodesecurity.io/advisories/486"
|
||||
}
|
||||
]
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user