Tag

#js

CVE-2020-28435: Snyk Vulnerability Database | Snyk

This affects all versions of package ffmpeg-sdk. The injection point is located in line 9 in index.js.

CVE-2020-7678: Snyk Vulnerability Database | Snyk

This affects all versions of package node-import. The "params" argument of the module function can be controlled by users without any sanitization. This is then provided to the "eval" function located in line 79 in the index file "index.js".

CVE-2020-28446: Snyk Vulnerability Database | Snyk

The package ntesseract before 0.2.9 is vulnerable to Command Injection via lib/tesseract.js.

CVE-2022-21802: Snyk Vulnerability Database | Snyk

The package grapesjs before 0.19.5 is vulnerable to Cross-site Scripting (XSS) due to improper sanitization of the class name in Selector Manager.

CVE-2020-28443: Snyk Vulnerability Database | Snyk

This affects all versions of package sonar-wrapper. The injection point is located in lib/sonarRunner.js.

CVE-2020-28422: Snyk Vulnerability Database | Snyk

All versions of package git-archive are vulnerable to Command Injection via the exports function.

CVE-2020-28438: Snyk Vulnerability Database | Snyk

This affects all versions of package deferred-exec. The injection point is located in line 42 in lib/deferred-exec.js.

CVE-2020-28445: Snyk Vulnerability Database | Snyk

This affects all versions of package npm-help. The injection point is located in line 13 of the index.js file, in the export.latestVersion() function.

RHSA-2022:5664: Red Hat Security Advisory: OpenShift Container Platform 4.10.24 bug fix and security update

Red Hat OpenShift Container Platform release 4.10.24 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

* CVE-2022-2403: openshift: oauth-serving-cert configmap contains cluster certificate private key

CVE-2016-15004: Summer of Pwnage! July 1-29, Amsterdam.

A vulnerability was found in InfiniteWP Client Plugin 1.5.1.3/1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to injection. The attack can be launched remotely. Upgrading to version 1.6.1.1 is able to address this issue. It is recommended to upgrade the affected component.