Vulnerabilities in HackerOne
470 results

CVE-2016-10635—broccoli-closure is a Closure compiler plugin for Broccoli. broccoli-closure before 1.3.1 downloads binary resources over HTTP, which leaves… (EPSS 1.7%)
CVE-2016-10660—fis-parser-sass-bin a plugin for fis to compile sass using node-sass-binaries. fis-parser-sass-bin downloads binary resources over HTTP, whi… (EPSS 1.7%)
CVE-2016-10685—pk-app-wonderbox is an integration with wonderbox pk-app-wonderbox downloads binary resources over HTTP, which leaves it vulnerable to MITM… (EPSS 1.7%)
CVE-2016-10696—windows-latestchromedriver downloads the latest version of chromedriver.exe. windows-latestchromedriver downloads binary resources over HTTP… (EPSS 1.7%)
CVE-2018-16469—The merge.recursive function in the merge package <1.2.1 can be tricked into adding or modifying properties of the Object prototype. These p… (EPSS 1.7%)
CVE-2017-16116—The string module is a module that provides extra string operations. The string module is vulnerable to regular expression denial of service… (EPSS 1.7%)
CVE-2017-16098—charset 1.0.0 and below are vulnerable to regular expression denial of service. Input of around 50k characters is required for a slow down o… (EPSS 1.7%)
CVE-2018-16479—Path traversal vulnerability in http-live-simulator <1.0.7 causes unauthorized access to arbitrary files on disk by appending extra slashes… (EPSS 1.7%)
CVE-2016-10526—A common setup to deploy to gh-pages on every commit via a CI system is to expose a github token to ENV and to use it directly in the auth p… (EPSS 1.6%)
CVE-2016-10519—A security issue was found in bittorrent-dht before 5.1.3 that allows someone to send a specific series of messages to a listening peer and… (EPSS 1.6%)
CVE-2016-10595—jdf-sass is a fork from node-sass, jdf use only. jdf-sass downloads executable resources over HTTP, which leaves it vulnerable to MITM attac… (EPSS 1.6%)
CVE-2016-10608—robot-js is a module for native system automation for node.js. robot-js downloads binary resources over HTTP, which leaves it vulnerable to… (EPSS 1.6%)
CVE-2014-10066—Versions less than 0.1.4 of the static file server module fancy-server are vulnerable to directory traversal. An attacker can provide input… (EPSS 1.6%)
CVE-2016-10527—The riot-compiler version 2.3.21 has an issue in a regex (Catastrophic Backtracking) that makes it unusable under certain conditions… (EPSS 1.6%)
CVE-2017-16117—slug is a module to slugify strings, even if they contain unicode. slug is vulnerable to regular expression denial of service is specially c… (EPSS 1.6%)
CVE-2017-16119—Fresh is a module used by the Express.js framework for HTTP response freshness testing. It is vulnerable to a regular expression denial of s… (EPSS 1.6%)
CVE-2017-16013—hapi is a web and services application framework. When hapi >= 15.0.0 <= 16.1.0 encounters a malformed `accept-encoding` header an uncaught… (EPSS 1.6%)
CVE-2017-16099—The no-case module is vulnerable to regular expression denial of service. When malicious untrusted user input is passed into no-case it can… (EPSS 1.6%)
CVE-2018-16487—A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into… (EPSS 1.6%)
CVE-2016-10577—ibm_db is an asynchronous/synchronous interface for node.js to IBM DB2 and IBM Informix. ibm_db before 1.0.2 downloads binary resources over… (EPSS 1.5%)