GHSA-vqgr-mfxm-47f3: git-archive vulnerable to Command Injection via exports function

All versions of package git-archive are vulnerable to Command Injection via the exports function.

GHSA-54w4-2f2p-f48h: deferred-exec Command Injection vulnerability

A command injection vulnerability affects all versions of package deferred-exec. The injection point is located at line 42 of lib/deferred-exec.js.

GHSA-6367-p3v8-7mgw: google-cloudstorage-commands Command Injection vulnerability

A command injection vulnerability affects all versions of the deprecated package google-cloudstorage-commands.

GHSA-42m6-g935-5vmq: Prototype pollution in @ianwalter/merge

All versions of package @ianwalter/merge are vulnerable to Prototype Pollution via the main (merge) function. @ianwalter/merge is [deprecated](https://github.com/ianwalter/merge/blob/master/README.md) and the maintainer suggests using [@generates/merger](https://github.com/generates/generates/tree/main/packages/merger) instead.

GHSA-w868-4576-rv24: ntesseract vulnerable to Command Injection

The package ntesseract before 0.2.9 is vulnerable to Command Injection via lib/tesseract.js.

GHSA-wr4v-3f2h-6hhh: sonar-wrapper Command Injection vulnerability

A command injection vulnerability affects all versions of package sonar-wrapper. The injection point is located in lib/sonarRunner.js.

GHSA-ww2v-frv5-pj5x: Joplin is vulnerable to arbitrary code execution

Joplin v2.8.8 allows attackers to execute arbitrary commands via a crafted payload injected into the Node titles.

GHSA-fw3v-x4f2-v673: Mistune v2.0.2 vulnerable to catastrophic backtracking

In Mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking.

GHSA-xg72-6c83-ghh4: Microweber Stored Cross-site Scripting before v1.2.20

Microweber prior to version 1.2.20 is vulnerable to stored cross-site scripting (XSS).

GHSA-cfcg-2qgr-v243: Microweber before 1.2.21 vulnerable to reflected XSS

Microweber prior to 1.2.21 is vulnerable to reflected cross-site scripting (XSS).