Security
Headlines
HeadlinesLatestCVEs

Tag

#nodejs

GHSA-rwf3-w4jq-f4cm: Directory Traversal in evershop

Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the DELETE function in api/files endpoint.

ghsa
Open in Source
#vulnerability#nodejs#git
GHSA-4wrm-qmq2-5fjx: Directory Traversal in evershop

Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the readDirSync function in fileBrowser/browser.js.

CVE-2023-46494: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in @evershop/evershop - Cx8ecec391-2014 - DevHub

Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote attacker to obtain sensitive information via a crafted request to the ProductGrid function in admin/productGrid/Grid.jsx.

CVE-2023-46499: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in @evershop/evershop - Cx0f8b38be-d5de - DevHub

Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote attacker to obtain sensitive information via a crafted scripts to the Admin Panel.

CVE-2023-46498: Improper Authorization in @evershop/evershop - Cx8b24ace3-0c9a - DevHub

An issue in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information and execute arbitrary code via the /deleteCustomer/route.json file.

CVE-2023-46497: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in @evershop/evershop - Cx16846793-56b6 - DevHub

Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the mkdirSync function in the folderCreate/createFolder.js endpoint.

CVE-2023-46495: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in @evershop/evershop - Cxbc6d4599-c1bd - DevHub

Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the sortBy parameter.

CVE-2023-46496: Relative Path Traversal in @evershop/evershop - Cx943be66a-54cc - DevHub

Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the DELETE function in api/files endpoint.

CVE-2023-46493: Relative Path Traversal in @evershop/evershop - Cxa4d94170-be41 - DevHub

Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the readDirSync function in fileBrowser/browser.js.

CVE-2023-45085: Releases - HyperCloud Docs

An issue exists in SoftIron HyperCloud where compute nodes may come online immediately without following the correct initialization process.  In this instance, workloads may be scheduled on these nodes and deploy to a failed or erroneous state, which impacts the availability of these workloads that may be deployed during this time window. This issue impacts HyperCloud versions from 2.0.0 to before 2.0.3.