Vulnerabilities in HackerOne
470 results

CVE-2015-9236 — Hapi versions less than 11.0.0 implement CORS incorrectly and allowed for configurations that at best returned inconsistent headers and at w (EPSS 1.5%)
CVE-2017-16113 — The parsejson module is vulnerable to regular expression denial of service when untrusted user input is passed into it to be parsed. (EPSS 1.5%)
CVE-2017-16115 — The timespan module is vulnerable to regular expression denial of service. Given 50k characters of untrusted user input it will block the ev (EPSS 1.5%)
CVE-2015-9238 — secure-compare 3.0.0 and below do not actually compare two strings properly. compare was actually comparing the first argument with itself, (EPSS 1.5%)
CVE-2016-10561 — Bitty is a development web server tool that functions similar to `python -m SimpleHTTPServer`. Version 0.2.10 has a directory traversal vuln (EPSS 1.5%)
CVE-2018-16486 — A prototype pollution vulnerability was found in defaults-deep <=0.2.4 that would allow a malicious user to inject properties onto Object.pr (EPSS 1.5%)
CVE-2017-16044 — `d3.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. (EPSS 1.5%)
CVE-2018-3713 — angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a ma (EPSS 1.5%)
CVE-2016-10531 — marked is an application that is meant to parse and compile markdown. Due to the way that marked 0.3.5 and earlier parses input, specificall (EPSS 1.5%)
CVE-2017-16023 — Decamelize is used to convert a dash/dot/underscore/space separated string to camelCase. Decamelize 1.1.0 through 1.1.1 uses regular express (EPSS 1.5%)
CVE-2017-16128 — The module npm-script-demo opened a connection to a command and control server. It has been removed from the npm registry. (EPSS 1.5%)
CVE-2017-16127 — The module pandora-doomsday infects other modules. It's since been unpublished from the registry. (EPSS 1.5%)
CVE-2016-10547 — Nunjucks is a full featured templating engine for JavaScript. Versions 2.4.2 and lower have a cross site scripting (XSS) vulnerability in au (EPSS 1.4%)
CVE-2016-10533 — express-restify-mongoose is a module to easily create a flexible REST interface for mongoose models. express-restify-mongoose 2.4.2 and earl (EPSS 1.4%)
CVE-2018-3778 — Improper authorization in aedes version <0.35.0 will publish a LWT in a channel when a client is not authorized. (EPSS 1.4%)
CVE-2018-3715 — glance node module before 3.0.4 suffers from a Path Traversal vulnerability due to lack of validation of path passed to it, which allows a m (EPSS 1.4%)
CVE-2016-10539 — negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for "A (EPSS 1.4%)
CVE-2017-16016 — Sanitize-html is a library for scrubbing html input of malicious values. Versions 1.11.1 and below are vulnerable to cross site scripting (X (EPSS 1.4%)
CVE-2016-10598 — arrayfire-js is a module for ArrayFire for the Node.js platform. arrayfire-js downloads binary resources over HTTP, which leaves it vulnerab (EPSS 1.4%)
CVE-2017-16028 — react-native-meteor-oauth is a library for Oauth2 login to a Meteor server in React Native. The oauth Random Token is generated using a non- (EPSS 1.4%)