Описание
This affects the package pac-resolver before 5.0.0. This can occur when used with untrusted input, due to unsafe PAC file handling. NOTE: The fix for this vulnerability is applied in the node-degenerator library, a dependency written by the same maintainer.
Ссылки
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchRelease NotesThird Party Advisory
- ExploitPatchThird Party Advisory
- ExploitPatchThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- PatchRelease NotesThird Party Advisory
- ExploitPatchThird Party Advisory
- ExploitPatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 5.0.0 (исключая)
cpe:2.3:a:pac-resolver_project:pac-resolver:*:*:*:*:*:node.js:*:*
EPSS
Процентиль: 77%
0.00999
Низкий
8.1 High
CVSS3
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 8.1
redhat
больше 4 лет назад
This affects the package pac-resolver before 5.0.0. This can occur when used with untrusted input, due to unsafe PAC file handling. **NOTE:** The fix for this vulnerability is applied in the node-degenerator library, a dependency written by the same maintainer.
EPSS
Процентиль: 77%
0.00999
Низкий
8.1 High
CVSS3
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
NVD-CWE-noinfo