
Vulnerabilities (4)

'csv-plus' HTML Injection Vulnerability #CVE-2022-21241 Target: csv-plus ≤ 0.8.0 https://github.com/plusone-masaki/csv-plus GitHub - plusone-masaki/csv-plus: A completely new CSV editor that gives you a great experience with simple operations. github.c.. 2022. 8. 1.
'getgrav/grav' XSS Vulnerability #CVE-2022-0268 Target: getgrav/grav https://github.com/getgrav/grav GitHub - getgrav/grav: Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS powered by PHP, Markdown, Twig, and Symfony github.com Des.. 2022. 7. 17.
'Bodymen' Prototype Pollution Vulnerability #CVE-2022-25296 Target: Bodymen Description: Prototype pollution occurs through the handler function, which can be tricked with a prototype payload into adding or modifying properties of Object.prototype. * Arises in the fix code for CVE-2019-10792. PoC: const x = require("bodymen"); x.handler(["__proto__"], "polluted", "success"); console.log({}.polluted) Related links: https://security.snyk.io/vuln/SNYK-JS-BODYMEN-2342623 Snyk Vulnerability Database | Snyk security.snyk.io htt.. 2022. 7. 13.
'Drogon' Arbitrary File Write Vulnerability #CVE-2022-25297 Target: Drogon https://github.com/drogonframework/drogon GitHub - drogonframework/drogon: Drogon: A C++14/17/20 based HTTP web application framework running on Linux/macOS/Unix/Windows github.com .. 2022. 7. 9.