CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

This affects all versions of package npm-help. The injection point is located in line 13 in index.js file in export.latestVersion() function.

**Command Injection Affecting npm-help package, versions **\*****

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

*   **snyk-id**
    
    SNYK-JS-NPMHELP-1050983
    
*   **published**
    
    26 Jan 2021
    
*   **disclosed**
    
    26 Jan 2021
    
*   **credit**
    
    JHU System Security Lab
    

**How to fix?**

There is no fixed version for npm-help.

**Overview**

Affected versions of this package are vulnerable to Command Injection. The injection point is located in line 13 in index.js file in export.latestVersion() function.

**PoC:**

    var root = require("npm-help");
    var module = "& touch JHU";
    root.latestVersion(module);

Headline

CVE-2020-28445: Snyk Vulnerability Database | Snyk

CVE: Latest News