CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-38834
https://notcve.org/view.php?id=CVE-2021-38834
easy-mock v1.5.0-v1.6.0 allows remote attackers to bypass the vm2 sandbox and execute arbitrary system commands through special js code. easy-mock versiones v1.5.0-v1.6.0, permite a atacantes remotos omitir el sandbox de vm2 y ejecutar comandos arbitrarios del sistema mediante código js especial • https://www.exploit-db.com/exploits/50194 •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2020-7616
https://notcve.org/view.php?id=CVE-2020-7616
express-mock-middleware through 0.0.6 is vulnerable to Prototype Pollution. Exported functions by the package can be tricked into adding or modifying properties of the `Object.prototype`. Exploitation of this vulnerability requires creation of a new directory where an attack code can be placed which will then be exported by `express-mock-middleware`. As such, this is considered to be a low risk. express-mock-middleware versiones hasta 0.0.6, es vulnerable a una Contaminación de Prototipos. Las funciones exportadas por el paquete pueden ser engañadas para agregar o modificar propiedades del "Object.prototype". • https://github.com/LingyuCoder/express-mock-middleware/blob/master/lib/index.js#L39 https://snyk.io/vuln/SNYK-JS-EXPRESSMOCKMIDDLEWARE-564120 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 1CVE-2016-6299
https://notcve.org/view.php?id=CVE-2016-6299
The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file. El complemento scm en mock puede permitir a los atacantes pasar por alto el mecanismo de protección chroot previsto y obtener privilegios de root a través de un archivo de especificaciones manipulado. • http://www.openwall.com/lists/oss-security/2016/09/13/2 http://www.securityfocus.com/bid/92948 https://bugzilla.redhat.com/show_bug.cgi?id=1375490 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFC4LU6GYYEVUK6LQ2FKUGMZXRTLLL5A https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VYLMPA5VLLX67DUJ6XLJ2TIW6CX2CFL4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5PH2YGYWYUAYPHK32SGUZGZXQEBEYNK • CWE-264: Permissions, Privileges, and Access Controls •