home15

Untitled

Oct 5th, 2024
# npm audit report

axios 0.8.1 - 0.27.2
Severity: moderate
Axios Cross-Site Request Forgery Vulnerability - https://github.com/advisories/GHSA-wf5p-g6vw-rhxx
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/axios

body-parser <1.20.3
Severity: high
body-parser vulnerable to denial of service when url encoding is enabled - https://github.com/advisories/GHSA-qwcr-r2fm-qrc7
fix available via `npm audit fix`
node_modules/body-parser
  express *
  Depends on vulnerable versions of body-parser
  Depends on vulnerable versions of cookie
  Depends on vulnerable versions of path-to-regexp
  Depends on vulnerable versions of send
  node_modules/express

braces <3.0.3
Severity: high
Uncontrolled resource consumption in braces - https://github.com/advisories/GHSA-grv7-fg5c-xmjg
fix available via `npm audit fix`
node_modules/braces

cookie <0.7.0
cookie accepts cookie name, path, and domain with out of bounds characters - https://github.com/advisories/GHSA-pxg6-pf52-xh8x
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/cookie
node_modules/express/node_modules/cookie
  cookie-parser >=1.0.1
  Depends on vulnerable versions of cookie
  node_modules/cookie-parser
  engine.io 0.7.8 - 0.7.9 || >=1.8.0
  Depends on vulnerable versions of cookie
  Depends on vulnerable versions of ws
  node_modules/engine.io
  express *
  Depends on vulnerable versions of body-parser
  Depends on vulnerable versions of cookie
  Depends on vulnerable versions of path-to-regexp
  Depends on vulnerable versions of send
  node_modules/express

ejs <3.1.10
Severity: moderate
ejs lacks certain pollution protection - https://github.com/advisories/GHSA-ghr5-ch3p-vcr6
fix available via `npm audit fix`
node_modules/ejs

engine.io 0.7.8 - 0.7.9 || >=1.8.0
Severity: high
Uncaught exception in engine.io - https://github.com/advisories/GHSA-r7qp-cfhv-p84w
engine.io Uncaught Exception vulnerability - https://github.com/advisories/GHSA-q9mw-68c2-j6m5
Depends on vulnerable versions of cookie
Depends on vulnerable versions of ws
fix available via `npm audit fix`
node_modules/engine.io

express *
Severity: high
Express.js Open Redirect in malformed URLs - https://github.com/advisories/GHSA-rv95-896h-c2vc
express vulnerable to XSS via response.redirect() - https://github.com/advisories/GHSA-qw6h-vgh9-j6wx
Depends on vulnerable versions of body-parser
Depends on vulnerable versions of cookie
Depends on vulnerable versions of path-to-regexp
Depends on vulnerable versions of send
fix available via `npm audit fix`
node_modules/express

follow-redirects <=1.15.5
Severity: moderate
Follow Redirects improperly handles URLs in the url.parse() function - https://github.com/advisories/GHSA-jchw-25xp-jwwc
follow-redirects' Proxy-Authorization header kept across hosts - https://github.com/advisories/GHSA-cxjh-pqwp-8mfp
fix available via `npm audit fix`
node_modules/follow-redirects

got <11.8.5
Severity: moderate
Got allows a redirect to a UNIX socket - https://github.com/advisories/GHSA-pfrx-2q88-qq97
fix available via `npm audit fix`
node_modules/got
  package-json <=6.5.0
  Depends on vulnerable versions of got
  node_modules/package-json
  latest-version 0.2.0 - 5.1.0
  Depends on vulnerable versions of package-json
  node_modules/latest-version
  update-notifier 0.2.0 - 5.1.0
  Depends on vulnerable versions of latest-version
  node_modules/update-notifier
  nodemon 1.3.5 - 2.0.16 || 2.0.18
  Depends on vulnerable versions of update-notifier
  node_modules/nodemon

http-cache-semantics <4.1.1
Severity: high
http-cache-semantics vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-rc47-6667-2j5j
fix available via `npm audit fix`
node_modules/http-cache-semantics

ip *
Severity: high
NPM IP package incorrectly identifies some private IP addresses as public - https://github.com/advisories/GHSA-78xj-cgh5-2h22
ip SSRF improper categorization in isPublic - https://github.com/advisories/GHSA-2p57-rm9w-gvfp
fix available via `npm audit fix`
node_modules/ip

jsonwebtoken <=8.5.1
Severity: high
jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify() - https://github.com/advisories/GHSA-qwph-4952-7xr6
jsonwebtoken unrestricted key type could lead to legacy keys usage - https://github.com/advisories/GHSA-8cf7-32gw-wr33
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/jsonwebtoken

mongodb 4.0.0 - 4.16.0
Severity: moderate
MongoDB Driver may publish events containing authentication-related data - https://github.com/advisories/GHSA-vxvm-qww3-2fh7
fix available via `npm audit fix`
node_modules/mongodb
  mongoose 0.0.3 - 0.0.6 || 6.0.0-rc0 - 6.11.6
  Depends on vulnerable versions of mongodb
  node_modules/mongoose

mongoose 0.0.3 - 0.0.6 || 6.0.0-rc0 - 6.11.6
Severity: critical
automattic/mongoose vulnerable to Prototype pollution via Schema.path - https://github.com/advisories/GHSA-f825-f98c-gj3g
Mongoose Prototype Pollution vulnerability - https://github.com/advisories/GHSA-9m93-w8w6-76hh
Depends on vulnerable versions of mongodb
fix available via `npm audit fix`
node_modules/mongoose

nodemailer <=6.9.8
Severity: moderate
nodemailer ReDoS when trying to send a specially crafted email - https://github.com/advisories/GHSA-9h6g-pr28-7cqp
fix available via `npm audit fix`
node_modules/nodemailer

path-to-regexp <0.1.10
Severity: high
path-to-regexp outputs backtracking regular expressions - https://github.com/advisories/GHSA-9wv6-86v2-598j
fix available via `npm audit fix`
node_modules/path-to-regexp
  express *
  Depends on vulnerable versions of body-parser
  Depends on vulnerable versions of cookie
  Depends on vulnerable versions of path-to-regexp
  Depends on vulnerable versions of send
  node_modules/express

pug <=3.0.2
Severity: moderate
Pug allows JavaScript code execution if an application accepts untrusted input - https://github.com/advisories/GHSA-3965-hpx2-q597
fix available via `npm audit fix`
node_modules/pug

request *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
Depends on vulnerable versions of tough-cookie
No fix available
node_modules/request

semver <=5.7.1 || 6.0.0 - 6.3.0 || 7.0.0 - 7.5.1
Severity: high
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
semver vulnerable to Regular Expression Denial of Service - https://github.com/advisories/GHSA-c2qf-rxjj-qqgw
fix available via `npm audit fix`
node_modules/make-dir/node_modules/semver
node_modules/package-json/node_modules/semver
node_modules/semver
node_modules/semver-diff/node_modules/semver
node_modules/update-notifier/node_modules/semver

send <0.19.0
Severity: moderate
send vulnerable to template injection that can lead to XSS - https://github.com/advisories/GHSA-m6fv-jmcg-4jfg
fix available via `npm audit fix`
node_modules/send
  express *
  Depends on vulnerable versions of body-parser
  Depends on vulnerable versions of cookie
  Depends on vulnerable versions of path-to-regexp
  Depends on vulnerable versions of send
  node_modules/express
  serve-static <=1.16.0
  Depends on vulnerable versions of send
  node_modules/serve-static

serve-static <=1.16.0
Severity: moderate
serve-static vulnerable to template injection that can lead to XSS - https://github.com/advisories/GHSA-cm22-4g7w-348p
Depends on vulnerable versions of send
fix available via `npm audit fix`
node_modules/serve-static

socket.io 3.0.0 - 4.6.1
Severity: high
socket.io has an unhandled 'error' event - https://github.com/advisories/GHSA-25hc-qcg6-38wj
fix available via `npm audit fix`
node_modules/socket.io

socket.io-parser 4.0.0 - 4.2.2
Severity: critical
Insufficient validation when decoding a Socket.IO packet - https://github.com/advisories/GHSA-qm95-pgcg-qqfq
Insufficient validation when decoding a Socket.IO packet - https://github.com/advisories/GHSA-cqmj-92xf-r6r9
fix available via `npm audit fix`
node_modules/socket.io-parser

tough-cookie <4.1.3
Severity: moderate
tough-cookie Prototype Pollution vulnerability - https://github.com/advisories/GHSA-72xf-g2v4-qvf3
No fix available
node_modules/tough-cookie
  request *
  Depends on vulnerable versions of tough-cookie
  node_modules/request

ws 8.0.0 - 8.17.0
Severity: high
ws affected by a DoS when handling a request with many HTTP headers - https://github.com/advisories/GHSA-3h5v-q93c-6h6q
fix available via `npm audit fix`
node_modules/ws
  engine.io 0.7.8 - 0.7.9 || >=1.8.0
  Depends on vulnerable versions of cookie
  Depends on vulnerable versions of ws
  node_modules/engine.io

30 vulnerabilities (2 low, 15 moderate, 11 high, 2 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.