-
@adriano-di-giovanni any chance you could release a new version of `node-df` with a fix for this?
CVE-2019-15597
high severity
Vulnerable versions: = 0.1.4
Patched version: No fix
A code inject…
otisg updated
4 years ago
-
Report: https://hackerone.com/reports/87531
Simply copying [Gratipay's solution](https://github.com/gratipay/gratipay.com/commit/b4dc7eff5d141c9949aa959fe2598dab22621d76) won't be enough, because it …
-
Link: https://hackerone.com/reports/799734
Date: 2020-02-19 13:24:24 UTC
By: rutger77
Weakness: Business Logic Errors
Details:
## Summary:
[add summary of the vulnerability]
## Steps …
-
## Can I Takeover via [acquia](https://cloud.acquia.com)?
![image](https://user-images.githubusercontent.com/31374361/59699042-7c7aaa80-91b6-11e9-9fb6-a57868b5f133.png)
-
Something needs to be done about this.
> **Code Injection Vulnerability in dot Package**
> All versions of dot are vulnerable to Command Injection. The template compilation may execute arbitrary c…
-
**Description**
Authorization Bypass through User-Controlled Key in NPM url-parse versions 1.4.5 through 1.5.8. Bypasses "https://hackerone.com/reports/496293" via "\b" (backspace) character.
**…
-
## CVE-2019-15599 - Critical Severity Vulnerability
Vulnerable Library - tree-kill-1.2.1.tgz
kill trees of processes
Library home page: https://registry.npmjs.org/tree-kill/-/tree-kill-1.2.1.tgz
Pat…
-
# https://hackerone.com/reports/2498849
## Summary:
Malicious validators can prevent legitimate transactions from being executed.
## Proof-of-Concept (PoC)
1. When a malicious validator re…
-
## WS-2020-0438 - Medium Severity Vulnerability
Vulnerable Library - i18next-19.6.3.tgz
i18next internationalization framework
Library home page: https://registry.npmjs.org/i18next/-/i18next-19.6.3.…