nadesiko3 allows remote attacker to inject invalid value to decodeURIComponent of nako3edit
- Severity: Medium
Description
Nako3edit is the editor component of Nadeshiko 3, a programming language based on Japanese. Improper checking or handling of exceptional conditions in Nako3edit v3.3.74 and earlier allows a remote attacker to inject an invalid value into decodeURIComponent in nako3edit, which may cause the server to crash.
Recommendation
Update the nadesiko3 package to the latest compatible version. Version details follow:
- Affected version(s): < 3.3.75
- Patched version(s): 3.3.75
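The failure mode described above, as an added defensive example (not nako3edit's own code): `decodeURIComponent` throws `URIError` on malformed percent-encoding, and an uncaught exception in a Node.js request handler can terminate the process. The `file` parameter name, the helper names and the sample inputs are assumptions constructed for illustration.

```javascript
// Added example: hypothetical request-parsing helpers, not taken from nako3edit.

// Decode one percent-encoded component without letting URIError escape.
// decodeURIComponent throws URIError for input such as "%", "%zz",
// or a truncated UTF-8 sequence like "%E3%81".
function safeDecode(value) {
  try {
    return { ok: true, value: decodeURIComponent(value) };
  } catch (err) {
    if (err instanceof URIError) return { ok: false, value: null };
    throw err; // any other error is a real bug; do not swallow it
  }
}

// Parse a raw query string. Any malformed component rejects the whole
// request with 400 instead of raising inside the handler.
function parseQuery(rawQuery) {
  const params = Object.create(null); // no inherited keys such as __proto__
  if (!rawQuery) return { status: 200, params };
  for (const pair of rawQuery.split('&')) {
    if (pair === '') continue;
    const eq = pair.indexOf('=');
    const rawKey = eq === -1 ? pair : pair.slice(0, eq);
    const rawVal = eq === -1 ? '' : pair.slice(eq + 1);
    const key = safeDecode(rawKey.replace(/\+/g, ' '));
    const val = safeDecode(rawVal.replace(/\+/g, ' '));
    if (!key.ok || !val.ok) return { status: 400, params: null };
    params[key.value] = val.value;
  }
  return { status: 200, params };
}

// Constructed sample inputs: one well-formed, three malformed.
const samples = [
  'file=%E3%81%AA%E3%81%A7%E3%81%97%E3%81%93.nako3',
  'file=%E3%81',
  'file=%',
  '%zz=1',
];
for (const q of samples) {
  const result = parseQuery(q);
  console.log(JSON.stringify(q), '->', result.status);
}
```

A handler built on this returns the 400 status to the client and keeps serving; the process-level fix remains upgrading to the patched version listed above.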
- Tags: npm, nadesiko3
Last updated on January 31, 2023