nadesiko3 allows remote attacker to inject invalid value to decodeURIComponent of nako3edit
- Severity: Medium
Description
Nako3edit is the editor component of Nadeshiko 3, a programming language developed based on Japanese. Improper check or handling of exceptional conditions in Nako3edit v3.3.74 and earlier allows a remote attacker to inject an invalid value to decodeURIComponent of nako3edit, which may lead the server to crash.
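The failure mode described above, as an added example that is not nako3edit's code: `decodeURIComponent` throws a `URIError` on malformed percent-encoding, and a handler that lets it escape can take the Node.js process down. The function names and the request shape here are assumptions for illustration; the sketch turns the exception into a 400 response decision.

```javascript
// Added example; decodeOrNull and parseRequestTarget are hypothetical names.

// decodeURIComponent throws URIError on input such as a lone "%", "%zz",
// or a truncated UTF-8 sequence. Catch only that error type.
function decodeOrNull(component) {
  try {
    return decodeURIComponent(component);
  } catch (err) {
    if (err instanceof URIError) return null;
    throw err; // unrelated errors are not swallowed
  }
}

// Decode the path and every query key/value of a raw request target.
// Returns a response decision instead of throwing into the server loop.
function parseRequestTarget(rawUrl) {
  const q = rawUrl.indexOf('?');
  const rawPath = q === -1 ? rawUrl : rawUrl.slice(0, q);
  const rawQuery = q === -1 ? '' : rawUrl.slice(q + 1);

  const path = decodeOrNull(rawPath);
  if (path === null) return { status: 400, error: 'malformed path encoding' };

  const query = Object.create(null); // no inherited keys
  for (const pair of rawQuery.split('&')) {
    if (pair === '') continue;
    const eq = pair.indexOf('=');
    const rawKey = eq === -1 ? pair : pair.slice(0, eq);
    const rawVal = eq === -1 ? '' : pair.slice(eq + 1);
    const key = decodeOrNull(rawKey.replace(/\+/g, ' '));
    const val = decodeOrNull(rawVal.replace(/\+/g, ' '));
    if (key === null || val === null) {
      return { status: 400, error: 'malformed query encoding' };
    }
    query[key] = val;
  }
  return { status: 200, path, query };
}

// Constructed sample request targets (not taken from the advisory).
const samples = ['/edit?file=%E3%81%82.nako3', '/edit?file=%', '/%E3%81', '/edit?a=1&b=%zz'];
for (const s of samples) {
  console.log(JSON.stringify(s), '->', JSON.stringify(parseRequestTarget(s)));
}
```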
Recommendation
Update the nadesiko3 package to the latest compatible version. Version details:
- Affected version(s): < 3.3.75
- Patched version(s): 3.3.75
References
Related Issues
- Invalid file request can crash server - CVE-2022-31089
- nadesiko3 vulnerable to OS Command Injection - CVE-2022-42496
- Possible inject arbitrary `CSS` into the generated graph affecting the container HTML - CVE-2022-31108
- Remote code execution via MongoDB BSON parser through prototype pollution - CVE-2022-39396
- Tags: npm, nadesiko3
Last updated on January 31, 2023