Description
Oasis before version 2.15.0 has a potential DNS rebinding or CSRF vulnerability. If you're running a vulnerable application on your computer and an attacker can trick you into visiting a malicious website, they could use DNS rebinding and CSRF attacks to read/write to vulnerable applications. This has been patched in 2.15.0.
Remediation
References
https://github.com/fraction/oasis/security/advisories/GHSA-j438-45hc-vjhm
Related Vulnerabilities
CVE-2017-1000219 Vulnerability in npm package windows-cpu
CVE-2017-16209 Vulnerability in npm package enserver
CVE-2020-11990 Vulnerability in npm package cordova-plugin-camera
CVE-2019-10749 Vulnerability in npm package sequelize
CVE-2017-12649 Vulnerability in maven package com.liferay:com.liferay.asset.browser.web