RHSA-2022:6916: Red Hat Security Advisory: Red Hat AMQ Broker 7.10.1 release and security update

Red Hat AMQ Broker 7.10.1 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

* CVE-2021-3121: gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation
* CVE-2022-24823: netty: world readable temporary file containing sensitive data
* CVE-2022-33980: apache-commons-configuration: Apache Commons Configuration insecure interpolation defaults
* CVE-2022-35278: activemq-artemis: AMQ Broker web console HTML Injection

Red Hat Security Data
CVE-2022-37611: gh-pages/util.js at e363b144defe8e555f5a54251a6f7f1297c0e3f6 · tschaub/gh-pages

Prototype pollution vulnerability in tschaub gh-pages 3.1.0 via the partial variable in util.js.

CVE-2022-40440: Home · SxB64/mxgraph-xss-vul Wiki

mxGraph v4.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the setTooltips() function.

CVE-2022-37617: browserify-shim/resolve-shims.js at 464b32bbe142664cd9796059798f6c738ea3de8f · thlorenz/browserify-shim

Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the k variable in resolve-shims.js.

CVE-2022-41385: d8s-html

The d8s-html package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0.

CVE-2022-41380: d8s-yaml

The d8s-yaml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.

GHSA-9pgh-qqpf-7wqj: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in @xmldom/xmldom and xmldom

### Impact

A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3.

### Patches

Update to `@xmldom/xmldom@0.8.3` or higher, or to `@xmldom/xmldom@0.9.0-beta.2` or higher if you are on the dist-tag `next`.

### Workarounds

No. If you cannot update to v0.8.3, please let us know; we would be able to also provide a patch update for version 0.7.x if required.

### References

https://github.com/xmldom/xmldom/pull/437

### For more information

If you have any questions or comments about this advisory:

* Email us at security@xmldom.org
* Add information to https://github.com/xmldom/xmldom/issue/436

CVE-2021-36915: Profile Builder – User Profile & User Registration Forms

Cross-Site Request Forgery (CSRF) vulnerability in the Cozmoslabs Profile Builder plugin <= 3.6.0 for WordPress allows uploading a JSON file and updating the plugin options. Requires the Import and Export add-on.

CVE-2022-37599: loader-utils/interpolateName.js at d9f4e23cf411d8556f8bac2d3bf05a6e0103b568 · webpack/loader-utils

A regular expression denial of service (ReDoS) flaw was found in the function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js.

CVE-2022-37609: js-beautify/options.js at 6fa891e982cc3d615eed9a1a20a4fc50721bff16 · beautify-web/js-beautify

Prototype pollution vulnerability in beautify-web js-beautify 1.13.7 via the name variable in options.js.