nadesiko3 allows remote attacker to inject invalid value to decodeURIComponent of nako3edit
- Severity:
- Medium
Description
Nako3edit is the editor component of Nadeshiko 3, a programming language developed based on Japanese. Improper check or handling of exceptional conditions in Nako3edit v3.3.74 and earlier allows a remote attacker to inject an invalid value to decodeURIComponent of nako3edit, which may lead the server to crash.
Recommendation
Update the nadesiko3 package to the latest compatible version. Followings are version details:
- Affected version(s): < 3.3.75
- Patched version(s): 3.3.75
References
Related Issues
- jsrsasign: Division by Zero Allows Invalid JWK Modulus to Cause Deterministic Zero Output in RSA Operations - CVE-2026-4603
- FUXA allows Remote Code Execution (RCE) via the project import functionality. - CVE-2025-69983
- JSONPath Plus allows Remote Code Execution - CVE-2025-1302
- Invalid file request can crash server - CVE-2022-31089
You might also like:
- Tags:
- npm
- nadesiko3
Anything's wrong? Let us know Last updated on January 31, 2023


