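These days, many smartphones come with at least 128GB of storage. For some reason, A…
Cyber Crisis: Financial Systems Under Attack (What Is Happening in Latin America)
At banks in Mexico, the electronic payment system SPEI (Interbank Electronic Payment …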
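Casio "EDIFICE" collaboration model with F1 team "Scuderia AlphaTauri"
On September 14, Casio Computer, as a new product in its high-performance metal watch line "EDIFICE", F1…
Google rolls out five new "Android 11" features first to Pixel smartphones
On September 8 (local time), US-based Google, for Pixel series smartphones, the rollout of a feature update…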
[markdown-it-katex] Cross-Site Scripting in markdown-it-katex
All versions of markdown-it-katex are vulnerable to Cross-Site Scripting (XSS). The package fails to properly escape error messages, which may allow attackers to execute arbitrary JavaScript in a victim’s browser by triggering an error.
Recommendation
…
[ftp-srv] Server-Side Request Forgery in ftp-srv
All versions of ftp-srv are vulnerable to Server-Side Request Forgery (SSRF). The package fails to prevent remote clients from accessing other resources in the network, for example when connecting to the server through telnet. This allows attackers to acces…
[localeval] Sandbox Breakout / Arbitrary Code Execution in localeval
All versions of localeval are vulnerable to Sandbox Escape leading to Remote Code Execution. The package fails to restrict access to the main context through constructor.constructor. This may allow attackers to execute arbitrary code in the system. Ev…
[html-pdf-chrome] Server-Side Request Forgery in html-pdf-chrome
All versions of html-pdf-chrome are vulnerable to Server-Side Request Forgery (SSRF). The package executes HTTP requests if the parsed HTML contains external references to resources, such as <iframe src="http://localhost" height="800px" width="800px…
[markdown] Regular Expression Denial of Service in markdown
All versions of markdown are vulnerable to Regular Expression Denial of Service (ReDoS). The markdown.toHTML() function has significantly degraded performance when parsing long strings containing underscores. This may lead to Denial of Service if the p…