Accesslog Project

accesslog_project

1 CVE • 1 product

Products (1)

Click to collapse

Toggle

Accesslog

accesslog

1 CVE

CVEs (1)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-25760 1Accesslog Project 1Accesslog Nov 21, 2024 Mar 17, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 All versions of package accesslog are vulnerable to Arbitrary Code Injection due to the usage of the Function constructor without input sanitization. If (attacker-controlled) user input is given to the format option of t...Show more All versions of package accesslog are vulnerable to Arbitrary Code Injection due to the usage of the Function constructor without input sanitization. If (attacker-controlled) user input is given to the format option of the package's exported constructor function, it is possible for an attacker to execute arbitrary JavaScript code on the host that this package is being run on.Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2022-25760

1Accesslog Project

1Accesslog

Nov 21, 2024

Mar 17, 2022

N/A· v4

9.8 CRITICAL· v3

10.0 HIGH· v2

All versions of package accesslog are vulnerable to Arbitrary Code Injection due to the usage of the Function constructor without input sanitization. If (attacker-controlled) user input is given to the format option of the package's exported constructor function, it is possible for an attacker to execute arbitrary JavaScript code on the host that this package is being run on.Show less