Tuesday, April 5, 2022

IRS hack folder

 3 min

 
Conteúdo partilhado com: Público
Público
Node.js third-party modules disclosed on HackerOne: `njwt`...
HACKERONE.COM
Node.js third-party modules disclosed on HackerOne: `njwt`...
I would like to report an uninitialized Buffer allocation issue in `njwt`. It allows to extract sensitive data from uninitialized memory or to cause a DoS by passing in a large number, in setups where typed user input can be passed (e.g. from JSON). # Module **module name:** `njwt` **version:** 0.4....

No comments: