Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-x2jx-w3wm-9p3p: nadesiko3 allows remote attacker to inject invalid value to decodeURIComponent of nako3edit

Nako3edit is the editor component of Nadeshiko 3, a programming language developed based on Japanese. Improper check or handling of exceptional conditions in Nako3edit v3.3.74 and earlier allows a remote attacker to inject an invalid value to decodeURIComponent of nako3edit, which may lead the server to crash.

ghsa
Open in Source
#nodejs#git
  1. GitHub Advisory Database
  2. GitHub Reviewed
  3. CVE-2022-41777

nadesiko3 allows remote attacker to inject invalid value to decodeURIComponent of nako3edit

Moderate severity GitHub Reviewed Published Dec 5, 2022 • Updated Dec 5, 2022

Package

npm nadesiko3 (npm)

Affected versions

< 3.3.75

Description

Related news

CVE-2022-42496: JVN#56968681: Multiple vulnerabilities in nadesiko3

OS command injection vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier allows a remote attacker to obtain appkey of the product and execute an arbitrary OS command on the product.

ghsa: Latest News

GHSA-g85v-wf27-67xc: Harden-Runner has a command injection weaknesses in `setup.ts` and `arc-runner.ts`
ghsa