You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
"title": "Regular Expression Denial of Service Different Title",
175
+
"found_by": {
176
+
"name": "Adam Baldwin"
177
+
},
178
+
"reported_by": {
179
+
"name": "Adam Baldwin"
180
+
},
181
+
"module_name": "negotiator",
182
+
"cves": [
183
+
"CVE-2016-10539"
184
+
],
185
+
"vulnerable_versions": "<= 0.6.0",
186
+
"patched_versions": ">= 0.6.1",
187
+
"overview": "Affected versions of `negotiator` are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted `Accept-Language` header value.\n\n",
188
+
"recommendation": "Update to version 0.6.1 or later.",
"title": "2222Regular Expression Denial of Service Different Title",
217
+
"found_by": {
218
+
"name": "Adam Baldwin"
219
+
},
220
+
"reported_by": {
221
+
"name": "Adam Baldwin"
222
+
},
223
+
"module_name": "negotiator",
224
+
"cves": [
225
+
"CVE-2019-10321"
226
+
],
227
+
"vulnerable_versions": "<= 0.6.0",
228
+
"patched_versions": ">= 0.6.1",
229
+
"overview": "Affected versions of `negotiator` are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted `Accept-Language` header value.\n\n",
230
+
"recommendation": "Update to version 0.6.1 or later.",
"overview": "Affected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be vulnerable:\n1. The application executes unsafe, user-supplied sql which contains malicious column names.\n2. The application connects to an untrusted database and executes a query returning results which contain a malicious column name.\n\n## Proof of Concept\n```\nconst { Client } = require('pg')\nconst client = new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS \"\\\\'/*\", 2 AS \"\\\\'*/\\n + console.log(process.env)] = null;\\n//\"`\n\nclient.query(sql, (err, res) => {\n client.end()\n})\n```",
272
+
"recommendation": "* Version 2.x.x: Update to version 2.11.2 or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* Version 4.x.x: Update to version 4.5.7 or later.\n* Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )",
"overview": "Affected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be vulnerable:\n1. The application executes unsafe, user-supplied sql which contains malicious column names.\n2. The application connects to an untrusted database and executes a query returning results which contain a malicious column name.\n\n## Proof of Concept\n```\nconst { Client } = require('pg')\nconst client = new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS \"\\\\'/*\", 2 AS \"\\\\'*/\\n + console.log(process.env)] = null;\\n//\"`\n\nclient.query(sql, (err, res) => {\n client.end()\n})\n```",
359
+
"recommendation": "* Version 2.x.x: Update to version 2.11.2 or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* Version 4.x.x: Update to version 4.5.7 or later.\n* Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )",
0 commit comments