| code-server |
CVE-2023-26114 |
严重 |
1.95.3 |
4.10.1 |
code-server vulnerable to Missing Origin Validation in WebSockets
漏洞详情: https://avd.aquasec.com/nvd/cve-2023-26114
镜像层: sha256:bef08f6e347649b06714fefa343f2405f40a5a521cead5464c19197138906ba8
发布日期: 2023-03-23 05:15 修改: 2023-11-07 04:09
|
| handlebars |
CVE-2019-19919 |
严重 |
1.0.0 |
4.3.0, 3.0.8 |
nodejs-handlebars: prototype pollution leading to remote code execution via crafted payloads
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-19919
镜像层: sha256:bef08f6e347649b06714fefa343f2405f40a5a521cead5464c19197138906ba8
发布日期: 2019-12-20 23:15 修改: 2022-06-03 18:48
|
| handlebars |
CVE-2021-23369 |
严重 |
1.0.0 |
4.7.7 |
nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23369
镜像层: sha256:bef08f6e347649b06714fefa343f2405f40a5a521cead5464c19197138906ba8
发布日期: 2021-04-12 14:15 修改: 2021-06-08 13:54
|
| handlebars |
CVE-2021-23383 |
严重 |
1.0.0 |
4.7.7 |
nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-23383
镜像层: sha256:bef08f6e347649b06714fefa343f2405f40a5a521cead5464c19197138906ba8
发布日期: 2021-05-04 09:15 修改: 2021-12-03 19:59
|
| grunt |
CVE-2022-1537 |
高危 |
1.0.0 |
1.5.3 |
gruntjs: race condition leading to arbitrary file write
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-1537
镜像层: sha256:bef08f6e347649b06714fefa343f2405f40a5a521cead5464c19197138906ba8
发布日期: 2022-05-10 14:15 修改: 2023-04-05 22:15
|
| code-server |
CVE-2021-3810 |
高危 |
1.95.3 |
3.12.0 |
Inefficient Regular Expression Complexity in code-server
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-3810
镜像层: sha256:bef08f6e347649b06714fefa343f2405f40a5a521cead5464c19197138906ba8
发布日期: 2021-09-17 07:15 修改: 2023-07-10 19:02
|
| diff |
GHSA-h6ch-v84p-w6p9 |
高危 |
1.0.0 |
3.5.0 |
Regular Expression Denial of Service (ReDoS)
漏洞详情: https://github.com/advisories/GHSA-h6ch-v84p-w6p9
镜像层: sha256:bef08f6e347649b06714fefa343f2405f40a5a521cead5464c19197138906ba8
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| grunt |
CVE-2020-7729 |
高危 |
1.0.0 |
1.3.0 |
The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execut ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7729
镜像层: sha256:bef08f6e347649b06714fefa343f2405f40a5a521cead5464c19197138906ba8
发布日期: 2020-09-03 09:15 修改: 2022-11-16 14:05
|
| handlebars |
CVE-2019-20920 |
高危 |
1.0.0 |
3.0.8, 4.5.3 |
nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-20920
镜像层: sha256:bef08f6e347649b06714fefa343f2405f40a5a521cead5464c19197138906ba8
发布日期: 2020-09-30 18:15 修改: 2020-10-15 17:35
|
| handlebars |
GHSA-2cf5-4w76-r9qv |
高危 |
1.0.0 |
3.0.8, 4.5.2 |
Arbitrary Code Execution in handlebars
漏洞详情: https://github.com/advisories/GHSA-2cf5-4w76-r9qv
镜像层: sha256:bef08f6e347649b06714fefa343f2405f40a5a521cead5464c19197138906ba8
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| handlebars |
GHSA-g9r4-xpmj-mj65 |
高危 |
1.0.0 |
3.0.8, 4.5.3 |
Prototype Pollution in handlebars
漏洞详情: https://github.com/advisories/GHSA-g9r4-xpmj-mj65
镜像层: sha256:bef08f6e347649b06714fefa343f2405f40a5a521cead5464c19197138906ba8
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| handlebars |
GHSA-q2c6-c6pm-g3gh |
高危 |
1.0.0 |
3.0.8, 4.5.3 |
Arbitrary Code Execution in handlebars
漏洞详情: https://github.com/advisories/GHSA-q2c6-c6pm-g3gh
镜像层: sha256:bef08f6e347649b06714fefa343f2405f40a5a521cead5464c19197138906ba8
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| handlebars |
GHSA-q42p-pg8m-cqh6 |
高危 |
1.0.0 |
4.1.2, 4.0.14, 3.0.7 |
Prototype Pollution in handlebars
漏洞详情: https://github.com/advisories/GHSA-q42p-pg8m-cqh6
镜像层: sha256:bef08f6e347649b06714fefa343f2405f40a5a521cead5464c19197138906ba8
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| ini |
CVE-2020-7788 |
高危 |
1.0.0 |
1.3.6 |
nodejs-ini: Prototype pollution via malicious INI file
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7788
镜像层: sha256:bef08f6e347649b06714fefa343f2405f40a5a521cead5464c19197138906ba8
发布日期: 2020-12-11 11:15 修改: 2022-12-02 19:40
|
| json |
CVE-2020-7712 |
高危 |
1.0.0 |
10.0.0 |
trentm/json vulnerable to command injection
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-7712
镜像层: sha256:bef08f6e347649b06714fefa343f2405f40a5a521cead5464c19197138906ba8
发布日期: 2020-08-30 08:15 修改: 2023-11-07 03:26
|
| npm |
CVE-2018-7408 |
高危 |
1.0.1 |
5.7.1 |
Incorrect Permission Assignment for Critical Resource in NPM
漏洞详情: https://avd.aquasec.com/nvd/cve-2018-7408
镜像层: sha256:bef08f6e347649b06714fefa343f2405f40a5a521cead5464c19197138906ba8
发布日期: 2018-02-22 18:29 修改: 2019-10-03 00:03
|
| npm |
CVE-2019-16775 |
高危 |
1.0.1 |
6.13.3 |
npm: Symlink reference outside of node_modules folder through the bin field upon installation
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16775
镜像层: sha256:bef08f6e347649b06714fefa343f2405f40a5a521cead5464c19197138906ba8
发布日期: 2019-12-13 01:15 修改: 2023-11-07 03:05
|
| npm |
CVE-2019-16776 |
高危 |
1.0.1 |
6.13.3 |
npm: Arbitrary file write via constructed entry in the package.json bin field
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16776
镜像层: sha256:bef08f6e347649b06714fefa343f2405f40a5a521cead5464c19197138906ba8
发布日期: 2019-12-13 01:15 修改: 2023-11-07 03:05
|
| npm |
CVE-2019-16777 |
高危 |
1.0.1 |
6.13.4 |
npm: Global node_modules Binary Overwrite
漏洞详情: https://avd.aquasec.com/nvd/cve-2019-16777
镜像层: sha256:bef08f6e347649b06714fefa343f2405f40a5a521cead5464c19197138906ba8
发布日期: 2019-12-13 01:15 修改: 2023-11-07 03:05
|
| path-to-regexp |
CVE-2024-45296 |
高危 |
3.2.0 |
1.9.0, 0.1.10, 8.0.0, 3.3.0, 6.3.0 |
path-to-regexp: Backtracking regular expressions cause ReDoS
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-45296
镜像层: sha256:bef08f6e347649b06714fefa343f2405f40a5a521cead5464c19197138906ba8
发布日期: 2024-09-09 19:15 修改: 2024-09-10 12:09
|
| pug |
CVE-2021-21353 |
高危 |
1.0.0 |
3.0.1 |
pug: user provided objects as input to pug templates can achieve remote code execution
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-21353
镜像层: sha256:bef08f6e347649b06714fefa343f2405f40a5a521cead5464c19197138906ba8
发布日期: 2021-03-03 02:15 修改: 2021-03-09 15:35
|
| code-server |
CVE-2021-42648 |
中危 |
1.95.3 |
3.12.0 |
Cross site scripting in code-server
漏洞详情: https://avd.aquasec.com/nvd/cve-2021-42648
镜像层: sha256:bef08f6e347649b06714fefa343f2405f40a5a521cead5464c19197138906ba8
发布日期: 2022-05-11 18:15 修改: 2022-05-20 16:33
|
| grunt |
CVE-2022-0436 |
中危 |
1.0.0 |
1.5.2 |
Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2.
漏洞详情: https://avd.aquasec.com/nvd/cve-2022-0436
镜像层: sha256:bef08f6e347649b06714fefa343f2405f40a5a521cead5464c19197138906ba8
发布日期: 2022-04-12 21:15 修改: 2023-04-06 15:15
|
| npm |
CVE-2016-3956 |
中危 |
1.0.1 |
>= 2.15.1 <= 3.0.0, >= 3.8.3 |
npm: bearer token leak to non-registry hosts
漏洞详情: https://avd.aquasec.com/nvd/cve-2016-3956
镜像层: sha256:bef08f6e347649b06714fefa343f2405f40a5a521cead5464c19197138906ba8
发布日期: 2016-07-02 14:59 修改: 2021-06-15 16:30
|
| npm |
CVE-2020-15095 |
中危 |
1.0.1 |
6.14.6 |
npm: sensitive information exposure through logs
漏洞详情: https://avd.aquasec.com/nvd/cve-2020-15095
镜像层: sha256:bef08f6e347649b06714fefa343f2405f40a5a521cead5464c19197138906ba8
发布日期: 2020-07-07 19:15 修改: 2023-11-07 03:17
|
| handlebars |
CVE-2015-8861 |
中危 |
1.0.0 |
>=4.0.0 |
The handlebars package before 4.0.0 for Node.js allows remote attacker ...
漏洞详情: https://avd.aquasec.com/nvd/cve-2015-8861
镜像层: sha256:bef08f6e347649b06714fefa343f2405f40a5a521cead5464c19197138906ba8
发布日期: 2017-01-23 21:59 修改: 2020-04-22 12:54
|
| handlebars |
NSWG-ECO-519 |
中危 |
1.0.0 |
>=4.6.0 |
Denial of Service
漏洞详情: https://hackerone.com/reports/726364
镜像层: sha256:bef08f6e347649b06714fefa343f2405f40a5a521cead5464c19197138906ba8
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|
| pug |
CVE-2024-36361 |
中危 |
1.0.0 |
3.0.3 |
Pug allows JavaScript code execution if an application accepts untrusted input
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-36361
镜像层: sha256:bef08f6e347649b06714fefa343f2405f40a5a521cead5464c19197138906ba8
发布日期: 2024-05-24 06:15 修改: 2024-08-02 04:17
|
| npm |
CVE-2013-4116 |
低危 |
1.0.1 |
>=1.3.3 |
npm: Insecure temporary directory generation
漏洞详情: https://avd.aquasec.com/nvd/cve-2013-4116
镜像层: sha256:bef08f6e347649b06714fefa343f2405f40a5a521cead5464c19197138906ba8
发布日期: 2014-04-22 14:23 修改: 2020-10-14 13:21
|
| cookie |
CVE-2024-47764 |
低危 |
0.4.1 |
0.7.0 |
cookie: cookie accepts cookie name, path, and domain with out of bounds characters
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47764
镜像层: sha256:bef08f6e347649b06714fefa343f2405f40a5a521cead5464c19197138906ba8
发布日期: 2024-10-04 20:15 修改: 2024-10-07 17:48
|
| cookie |
CVE-2024-47764 |
低危 |
0.6.0 |
0.7.0 |
cookie: cookie accepts cookie name, path, and domain with out of bounds characters
漏洞详情: https://avd.aquasec.com/nvd/cve-2024-47764
镜像层: sha256:bef08f6e347649b06714fefa343f2405f40a5a521cead5464c19197138906ba8
发布日期: 2024-10-04 20:15 修改: 2024-10-07 17:48
|
| markdown |
GHSA-wx77-rp39-c6vg |
低危 |
1.0.0 |
|
Regular Expression Denial of Service in markdown
漏洞详情: https://github.com/advisories/GHSA-wx77-rp39-c6vg
镜像层: sha256:bef08f6e347649b06714fefa343f2405f40a5a521cead5464c19197138906ba8
发布日期: 0001-01-01 00:00 修改: 0001-01-01 00:00
|