Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2020-11003 Vulnerability in npm package @fraction/oasis

Description

Oasis before version 2.15.0 has a potential DNS rebinding or CSRF vulnerability. If you're running a vulnerable application on your computer and an attacker can trick you into visiting a malicious website, they could use DNS rebinding and CSRF attacks to read/write to vulnerable applications. This has been patched in 2.15.0.

Remediation

References

https://github.com/fraction/oasis/security/advisories/GHSA-j438-45hc-vjhm

Related Vulnerabilities

CVE-2016-6817 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

CVE-2023-24998 Vulnerability in maven package commons-fileupload:commons-fileupload

CVE-2021-23421 Vulnerability in npm package merge-change

CVE-2022-28158 Vulnerability in maven package com.surenpi.jenkins:phoenix-autotest

CVE-2020-11972 Vulnerability in maven package org.apache.camel:camel-rabbitmq

Severity

Critical

Classification

CWE-352 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Tags

Third Party Advisory