Search CVE reports
321 – 330 of 42760 results
node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.17, node-tar does not strip NUL bytes from PAX path and linkpath records in src/pax.ts, allowing a crafted archive with values to reach fs.lstat or fs.open...
1 affected package
node-tar
| Package | 20.04 LTS |
|---|---|
| node-tar | Needs evaluation |
node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, tar.replace accepts a checksum-valid tar header with a negative base-256 encoded entry size, causing the archive scanner to make no progress while...
1 affected package
node-tar
| Package | 20.04 LTS |
|---|---|
| node-tar | Needs evaluation |
node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.19, node-tar does not enforce hard upper bounds on total decompressed data, entry counts, or decompression ratio in extraction and parsing paths such as...
1 affected package
node-tar
| Package | 20.04 LTS |
|---|---|
| node-tar | Needs evaluation |
node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, node-tar coerces all-digit PAX path and linkpath values in src/pax.ts to JavaScript numbers, causing downstream path handling such...
1 affected package
node-tar
| Package | 20.04 LTS |
|---|---|
| node-tar | Needs evaluation |
js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.1, YAML11_SCHEMA support for the !!omap tag in src/tag/sequence/omap.ts uses omapTag.addItem() to perform a linear duplicate-key scan on every insertion,...
1 affected package
node-js-yaml
| Package | 20.04 LTS |
|---|---|
| node-js-yaml | Needs evaluation |
js-yaml is a JavaScript YAML parser and dumper. From 3.0.0 before 3.15.0 and from 4.0.0 before 4.3.0, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys...
1 affected package
node-js-yaml
| Package | 20.04 LTS |
|---|---|
| node-js-yaml | Needs evaluation |
js-yaml is a JavaScript YAML parser and dumper. From 5.0.0 before 5.2.0, when merge keys are enabled, js-yaml can spend quadratic CPU time parsing a document whose size grows only linearly when a chain of mappings uses merge keys...
1 affected package
node-js-yaml
| Package | 20.04 LTS |
|---|---|
| node-js-yaml | Needs evaluation |
App::Ack versions through 3.10.0 for Perl print unsanitised terminal escape sequences from filenames in several output modes. When ack prints a filename whose basename contains terminal control bytes such as ANSI escape sequences,...
1 affected package
ack
| Package | 20.04 LTS |
|---|---|
| ack | Needs evaluation |
App::Ack versions before 3.10.0 for Perl allow memory exhaustion via an unbounded context value in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options....
1 affected package
ack
| Package | 20.04 LTS |
|---|---|
| ack | Needs evaluation |
App::Ack versions through 3.10.0 for Perl read arbitrary files via --files-from in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The project-source...
1 affected package
ack
| Package | 20.04 LTS |
|---|---|
| ack | Needs evaluation |