Security
Headlines

Headlines Latest CVEs

Headline

GHSA-q849-wxrc-vqrp: hull.js Code Injection Vulnerability

Versions of the library from 0.2.2 to 1.0.9 are vulnerable to the arbitrary code execution due to unsafe usage of new Function(...) in the module that handles points format. Applications passing the 3rd parameter to the hull function without sanitising may be impacted. The vulnerability has been fixed in version 1.0.10, please update the library. Check project homepage on GitHub to see how to fetch the latest version: https://github.com/andriiheonia/hull?tab=readme-ov-file#npm-package

16 days ago

#vulnerability #nodejs #js #git

hull.js Code Injection Vulnerability

Critical severity GitHub Reviewed Published Nov 30, 2024 in AndriiHeonia/hull • Updated Dec 2, 2024

ghsa: Latest News

GHSA-2p6p-9rc9-62j9: Craft CMS has potential RCE when PHP `register_argc_argv` config setting is enabled

1 hour ago

GHSA-32gq-x56h-299c: age vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution

2 hours ago

GHSA-4fg7-vxc8-qx5w: rage vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution

2 hours ago

GHSA-hvm9-wc8j-mgrc: TShock Security Escalation Exploit

2 hours ago

GHSA-2ff4-xfpr-m32r: `Slip10Like` derivation method instantiated with certain curves may allow attacker to find derivation path which results into very long derivation (possible DoS)

5 hours ago