Skip to content

Commit

Permalink
HackerOne Node.js Ecosystem Bug Bounty Program - February 2018 disclo…
Browse files Browse the repository at this point in the history 
…sures (#202)
  • Loading branch information
@bl4de @eoftedal
bl4de authored and eoftedal committed Mar 1, 2018
1 parent 800c814 commit cc7c850
Showing 1 changed file with 220 additions and 3 deletions.
223 changes: 220 additions & 3 deletions repository/npmrepository.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4565,8 +4565,225 @@
]
}
]
},
"html-janitor": {
"vulnerabilities": [
{
"below": "2.0.3",
"severity": "high",
"identifiers": {
"summary": "Bypassing sanitization using DOM clobbering"
},
"info": [
"https://hackerone.com/reports/308158"
]
},
{
"below": "2.0.3",
"severity": "high",
"identifiers": {
"summary": "Cross-site Scripting (XSS) - DOM"
},
"info": [
"https://hackerone.com/reports/308155"
]
}
]
},
"lodash": {
"vulnerabilities": [
{
"below": "4.0.0",
"severity": "low",
"identifiers": {
"summary": "Prototype pollution attack"
},
"info": [
"https://hackerone.com/reports/310443"
]
}
]
},
"hoek": {
"vulnerabilities": [
{
"below": "5.0.3",
"severity": "low",
"identifiers": {
"summary": "Prototype pollution attack"
},
"info": [
"https://hackerone.com/reports/310439"
]
}
]
},
"mixin-deep": {
"vulnerabilities": [
{
"below": "1.3.1",
"severity": "low",
"identifiers": {
"summary": "Prototype pollution attack"
},
"info": [
"https://hackerone.com/reports/311236"
]
}
]
},
"assign-deep": {
"vulnerabilities": [
{
"below": "0.4.7",
"severity": "low",
"identifiers": {
"summary": "Prototype pollution attack"
},
"info": [
"https://hackerone.com/reports/310707"
]
}
]
},
"merge-deep": {
"vulnerabilities": [
{
"below": "3.0.1",
"severity": "low",
"identifiers": {
"summary": "Prototype pollution attack"
},
"info": [
"https://hackerone.com/reports/310708"
]
}
]
},
"defaults-deep": {
"vulnerabilities": [
{
"below": "0.2.4",
"severity": "low",
"identifiers": {
"summary": "Prototype pollution attack"
},
"info": [
"https://hackerone.com/reports/310514"
]
}
]
},
"public": {
"vulnerabilities": [
{
"below": "0.1.3",
"severity": "high",
"identifiers": {
"summary": "Path Traversal"
},
"info": [
"https://hackerone.com/reports/312918"
]
}
]
},
"crud-file-server": {
"vulnerabilities": [
{
"below": "0.7.1",
"severity": "critical",
"identifiers": {
"summary": "Path Traversal"
},
"info": [
"https://hackerone.com/reports/311101"
]
}
]
},
"resolve-path": {
"vulnerabilities": [
{
"below": "1.4.0",
"severity": "high",
"identifiers": {
"summary": "Path Traversal"
},
"info": [
"https://hackerone.com/reports/315760"
]
}
]
},
"localhost-now": {
"vulnerabilities": [
{
"below": "1.0.2",
"severity": "high",
"identifiers": {
"summary": "Path Traversal"
},
"info": [
"https://hackerone.com/reports/312889"
]
}
]
},
"626": {
"vulnerabilities": [
{
"below": "1.1.2",
"severity": "high",
"identifiers": {
"summary": "Path Traversal"
},
"info": [
"https://hackerone.com/reports/311216"
]
}
]
},
"anywhere": {
"vulnerabilities": [
{
"below": "1.5.0",
"severity": "critical",
"identifiers": {
"summary": "Cross-site Scripting (XSS) - Stored"
},
"info": [
"https://hackerone.com/reports/309394"
]
}
]
},
"simplehttpserver": {
"vulnerabilities": [
{
"below": "1.5.0",
"severity": "critical",
"identifiers": {
"summary": "Cross-site Scripting (XSS) - Stored"
},
"info": [
"https://hackerone.com/reports/309648"
]
}
]
},
"hekto": {
"vulnerabilities": [
{
"below": "0.2.1",
"severity": "high",
"identifiers": {
"summary": "Path Traversal"
},
"info": [
"https://hackerone.com/reports/311218"
]
}
]
}



}

0 comments on commit cc7c850

Please sign in to comment.