Security
Headlines

Headlines Latest CVEs

Headline

GHSA-p23c-p8w2-ww5v: Prototype Pollution in querymen

All versions of package querymen are vulnerable to Prototype Pollution if the parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. Note: This vulnerability derives from an incomplete fix of CVE-2020-7600.

2 years ago

#vulnerability #js #git

Prototype Pollution in querymen

Moderate severity GitHub Reviewed Published Jun 18, 2022 • Updated Jun 20, 2022

Related news

CVE-2022-25871: Prototype Pollution in querymen | CVE-2022-25871 | Snyk

All versions of package querymen are vulnerable to Prototype Pollution if the parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. Note: This vulnerability derives from an incomplete fix of [CVE-2020-7600](https://security.snyk.io/vuln/SNYK-JS-QUERYMEN-559867).

2 years ago

#vulnerability #dos #js #java #rce

ghsa: Latest News

GHSA-8fh4-942r-jf2g: LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/services.inc.php

17 hours ago

GHSA-7q7g-4xm8-89cq: Regular Expression Denial of Service (ReDoS) in @eslint/plugin-kit

17 hours ago

GHSA-phm4-wf3h-pc3r: Unpatched Remote Code Execution in Gogs

19 hours ago

GHSA-x645-6pf9-xwxw: LibreNMS has an Authenticated OS Command Injection

22 hours ago

GHSA-gv4m-f6fx-859x: LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/print-customoid.php

22 hours ago