#js

GHSA-hj9c-8jmm-8c52: Packing does not respect root-level ignore files in workspaces

### Impact `npm pack` ignores root-level `.gitignore` & `.npmignore` file exclusion directives when run in a workspace or with a workspace flag (ie. `--workspaces`, `--workspace=<name>`). Anyone who has run `npm pack` or `npm publish` inside a workspace, as of [v7.9.0](https://github.com/npm/cli/releases/tag/v7.9.0) & [v7.13.0](https://github.com/npm/cli/releases/tag/v7.13.0) respectively, may be affected and have published files into the npm registry they did not intend to include. ### Patch - Upgrade to the latest, patched version of `npm` ([`v8.11.0`](https://github.com/npm/cli/releases/tag/v8.11.0)), run: `npm i -g npm@latest` - Node.js versions [`v16.15.1`](https://github.com/nodejs/node/releases/tag/v16.15.1), [`v17.19.1`](https://github.com/nodejs/node/releases/tag/v17.9.1) & [`v18.3.0`](https://github.com/nodejs/node/releases/tag/v18.3.0) include the patched `v8.11.0` version of `npm` #### Steps to take to see if you're impacted 1. Run `npm publish --dry-run` or `npm pack` wi...

2 years ago

ghsa

Open in Source

#nodejs #js #git

CVE-2021-33504: Alerts | Couchbase

Couchbase Server before 7.1.0 has Incorrect Access Control.

2 years ago

CVE

Open in Source

#xss #csrf #vulnerability #web #apple #dos #apache #memcached #js #java #kubernetes #rce #perl #ldap #log4j #buffer_overflow #auth #ssl

CVE-2021-44080

A Command Injection vulnerability in httpd web server (setup.cgi) in SerComm h500s, FW: lowi-h500s-v3.4.22 allows logged in administrators to arbitrary OS commands as root in the device via the connection_type parameter of the statussupport_diagnostic_tracing.json endpoint.

2 years ago

CVE

Open in Source

#vulnerability #web #js

CVE-2022-29653: There are many cross-site scripting vulnerabilities in ofCMS system background · Issue #I53COA · 欧福/ofcms - Gitee.com

OFCMS v1.1.4 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/comn/service/update.json.

2 years ago

CVE

Open in Source

#sql #xss #vulnerability #web #windows #apple #js #git #java #chrome #webkit

CVE-2022-29780: SEGV in njs_array_prototype_sort · Issue #486 · nginx/njs

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_prototype_sort at src/njs_array.c.

2 years ago

CVE

Open in Source

#linux #js #git #nginx

CVE-2022-29779: SEGV src/njs_value.c:240 in njs_value_own_enumerate · Issue #485 · nginx/njs

Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c.

2 years ago

CVE

Open in Source

#linux #js #nginx

CVE-2022-30349: 跨站脚本攻击(xss) · Issue #3238 · siteserver/cms

siteserver SSCMS 6.15.51 is vulnerable to Cross Site Scripting (XSS).

2 years ago

CVE

Open in Source

#sql #xss #web #mac #windows #js #git #intel #firefox #asp.net

CVE-2022-30478: GitHub - creativesaiful/Ecommerce-project-with-php-and-mysqli-Fruits-Bazar-: This is an eCommerce project using Php, javaScript, Jquery, and Mysql.

Ecommerce-project-with-php-and-mysqli-Fruits-Bazar 1.0 is vulnerable to SQL Injection in \search_product.php via the keyword parameters.

2 years ago

CVE

Open in Source

#sql #web #js #git #java #php #sap

CVE-2022-30470: FileRun - Selfhosted File Manager with Sharing and Backup for Photos, Docs & More

In Afian Filerun 20220202 Changing the "search_tika_path" variable to a custom (and previously uploaded) jar file results in remote code execution in the context of the webserver user.

2 years ago

CVE

Open in Source

#sql #xss #csrf #vulnerability #web #android #mac #windows #apple #google #microsoft #apache #js #git #java #php #rce #perl #ldap #pdf #oauth #auth #docker #chrome #firefox

CVE-2022-31347: bug_report/SQLi-4.md at main · k0xx11/bug_report

Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_vehicle.

2 years ago

CVE

Open in Source

#sql #vulnerability #windows #js #java #php #firefox

Tag

#js