Headline
GHSA-x2jx-w3wm-9p3p: nadesiko3 allows remote attacker to inject invalid value to decodeURIComponent of nako3edit
Nako3edit is the editor component of Nadeshiko 3, a programming language developed based on Japanese. Improper check or handling of exceptional conditions in Nako3edit v3.3.74 and earlier allows a remote attacker to inject an invalid value to decodeURIComponent of nako3edit, which may lead the server to crash.
- GitHub Advisory Database
- GitHub Reviewed
- CVE-2022-41777
nadesiko3 allows remote attacker to inject invalid value to decodeURIComponent of nako3edit
Moderate severity GitHub Reviewed Published Dec 5, 2022 • Updated Dec 5, 2022
Package
npm nadesiko3 (npm)
Affected versions
< 3.3.75
Description
Related news
OS command injection vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier allows a remote attacker to obtain appkey of the product and execute an arbitrary OS command on the product.