| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| This affects all versions of package sonar-wrapper. The injection point is located in lib/sonarRunner.js. |
| All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn function. |
| This affects the package conf-cfg-ini before 1.2.2. If an attacker submits a malicious INI file to an application that parses it with decode, they will pollute the prototype on the application. This can be exploited further depending on the context. |
| All versions of package corenlp-js-interface are vulnerable to Command Injection via the main function. |
| This affects all versions of package corenlp-js-prefab. The injection point is located in line 10 in 'index.js.' It depends on a vulnerable package 'corenlp-js-interface.' Vulnerability can be exploited with the following PoC: |
| This affects all versions of package deferred-exec. The injection point is located in line 42 in lib/deferred-exec.js |
| This affects all versions of package heroku-env. The injection point is located in lib/get.js which is required by index.js. |
| This affects all versions of package google-cloudstorage-commands. |
| This affects all versions of package ffmpeg-sdk. The injection point is located in line 9 in index.js. |
| This affects all versions of package gitblame. The injection point is located in line 15 in lib/gitblame.js. |
| This affects all versions of package node-latex-pdf. |
| All versions of package geojson2kml are vulnerable to Command Injection via the index.js file. PoC: var a =require("geojson2kml"); a("./","& touch JHU",function(){}) |
| All versions of package kill-process-on-port are vulnerable to Command Injection via a.getProcessPortId. |
| This affects all versions of package curljs. |
| This affects all versions of package s3-kilatstorage. |
| This affects all versions of package monorepo-build. |
| All versions of package git-archive are vulnerable to Command Injection via the exports function. |
| CA Unified Infrastructure Management 20.1 and earlier contains a vulnerability in the robot (controller) component that allows local attackers to elevate privileges. |
| During installation with certain driver software or application packages an arbitrary code execution could occur. |
| HP has identified a security vulnerability with the I.R.I.S. OCR (Optical Character Recognition) software available with HP PageWide and OfficeJet printer software installations that could potentially allow unauthorized local code execution. |
