nadesiko3 allows remote attacker to inject invalid value to decodeURIComponent of nako3edit
- Severity:
- Medium
Description
Nako3edit is the editor component of Nadeshiko 3, a programming language developed based on Japanese. Improper check or handling of exceptional conditions in Nako3edit v3.3.74 and earlier allows a remote attacker to inject an invalid value to decodeURIComponent of nako3edit, which may lead the server to crash.
Recommendation
Update the nadesiko3 package to the latest compatible version. Followings are version details:
- Affected version(s): < 3.3.75
- Patched version(s): 3.3.75
References
Related Issues
- matrix-js-sdk has insufficient validation when considering a room to be upgraded by another - CVE-2025-59160
- Prototype pollution in ag-grid-community via the _.mergeDeep function (GHSA-876p-c77m-x2hc) - CVE-2024-38996
- JOSE vulnerable to resource exhaustion via specifically crafted JWE (GHSA-jv3g-j58f-9mq9) 3 - CVE-2022-36083
- JOSE vulnerable to resource exhaustion via specifically crafted JWE (GHSA-jv3g-j58f-9mq9) 2 - CVE-2022-36083
- Tags:
- npm
- nadesiko3
Anything's wrong? Let us know Last updated on January 31, 2023