ready-research
@theintern/common is vulnerable to Prototype Pollution. This package allows for modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. Reported the same in https://www.huntr.dev/bounties/1625553948781-theintern/intern/

***🕵️♂️ Proof of Concept***

1. Create...
Fixed Regular Expression Denial of Service vulnerability in URL validation Reported in https://www.huntr.dev/bounties/87c29018-1122-4ce3-992e-72dd97d91c09/ Please validate this using `Mark as valid` and `confirm the fix`.
The `isEmail` functionality uses a vulnerable regex to verify emails. Fixed the issue by switching the email pattern to the practical implementation of RFC 5322. Reported in https://www.huntr.dev/bounties/2f42873d-83d7-4006-aa0e-65d085c01071/
Fix potential ReDoS
`atlas` is vulnerable to Zip Slip attacks using [unzip](https://github.com/alibaba/atlas/blob/c20c5b83f67b9a14fb597d59a287ec7a3e5bdbac/atlas-update/src/main/java/com/taobao/atlas/update/util/ZipUtils.java#L20). Reported in [huntr](https://www.huntr.dev/bounties/7f0f0f66-34db-4a83-a248-6e20c0f5d551/).

```
// Backslashes are escaped so this is a valid Java string literal.
// Input evil.zip contains ../../evil.exe, which will be extracted to D:\test
ZipUtils.unzip("C:\\evil.zip", "D:\\test\\test\\test");
```
Avoid ReDoS issue, reported in https://www.huntr.dev/bounties/0befc8f0-bd09-4c3d-9707-34c4e97a7a95/ Please validate the above huntr issue. Thanks
### Summary

`svelte-forms-lib` package is vulnerable to Prototype Pollution. The set function fails to validate which Object properties it updates. This allows attackers to modify the prototype of Object, causing...
Fix ReDoS Reported in https://www.huntr.dev/bounties/423e2208-6064-4150-b6f5-22f15f540259/, you can access this using GitHub. Please validate using `Mark as valid` and also `confirm the fix`. Thank you.
Fixed Regular Expression Denial of Service vulnerability in URL validation. Reported in huntr https://www.huntr.dev/bounties/7b9e3905-33cf-4928-a5b7-048badaa848d/ Please validate this huntr report using Mark as valid. Thanks.
Security fix for ReDoS vulnerability. https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/String/Trim Reported in https://www.huntr.dev/bounties/7e6cbdf3-e360-47a1-aca3-24b5e4eea9b7 Result before applying the patch: `time_cost: 2639`. Result after applying the patch: `time_cost: 4`.