lirantal

5 exploits Active since Oct 2019
CVE-2025-29927 NOMISEC CRITICAL WORKING POC
Next.js Middleware Bypass
Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.
14 stars
CVSS 9.1
CVE-2024-27983 NOMISEC HIGH WORKING POC
Node.js < 18.20.1, 19.x, < 20.12.1, < 21.7.2 - Denial of Service via HTTP/2 Frame Handling Race Condition
An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a TCP connection is abruptly closed by the client triggering the Http2Session destructor while header frames are still being processed (and stored in memory) causing a race condition.
7 stars
CVSS 8.2
CVE-2024-21532 NOMISEC HIGH WORKING POC
ggit - OS Command Injection via fetchTags API
All versions of the package ggit are vulnerable to Command Injection via the fetchTags(branch) API, which allows user input to specify the branch to be fetched and then concatenates this string along with a git command which is then passed to the unsafe exec() Node.js child process API.
CVSS 7.3
CVE-2024-21533 NOMISEC MEDIUM WORKING POC
ggit - Arbitrary Argument Injection via clone() API
All versions of the package ggit are vulnerable to Arbitrary Argument Injection via the clone() API, which allows specifying the remote URL to clone and the file on disk to clone to. The library does not sanitize for user input or validate a given URL scheme, nor does it properly pass command-line flags to the git binary using the double-dash POSIX characters (--) to communicate the end of options.
CVSS 6.5
CVE-2019-10760 NOMISEC CRITICAL WORKING POC
safer-eval < 1.3.2 - Arbitrary Code Execution via Constructor Properties
safer-eval before 1.3.2 are vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code.
CVSS 9.9