Zx · Zx · CVE-2025-13437
**Name of the Vulnerable Software and Affected Versions**
zx (affected versions not specified)
**Description**
A flaw exists in zx where, when invoked with the `--prefer-local` option pointing to a specific path, the command-line interface creates a symbolic link named `./node_modules` to the specified path’s `node_modules` directory. A logic error within the `src/cli.ts` file, specifically in the `linkNodeModules` and `cleanup` functions, causes the function to return the target path instead of the symlink path. Subsequently, the cleanup routine inadvertently deletes the target directory outside of the current working directory. This can lead to the deletion of external `node_modules` directories. The vulnerable functions are `linkNodeModules()` and `cleanup()`. The vulnerable parameter is `<path>`.
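The following added example is a simplified model of the logic error described above, not code from zx's `src/cli.ts`. It contrasts returning the target path with returning the symlink path, and adds a guarded cleanup that refuses anything other than a symlink inside the working directory. All names (`linkBuggy`, `linkFixed`, `cleanupTrusting`, `cleanupGuarded`, `run`) are hypothetical, and everything runs inside a throwaway temp directory.

```typescript
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";

type Link = (cwd: string, external: string) => string;
type Cleanup = (cwd: string, p: string) => void;

// Shared setup: symlink <cwd>/node_modules -> <external>/node_modules.
function makeLink(cwd: string, external: string) {
  const target = path.resolve(external, "node_modules");
  const alias = path.resolve(cwd, "node_modules");
  fs.symlinkSync(target, alias, "dir");
  return { target, alias };
}

// Flawed shape from the advisory: the caller is handed the target path.
const linkBuggy: Link = (cwd, ext) => makeLink(cwd, ext).target;
// Corrected shape: the caller is handed the symlink it created.
const linkFixed: Link = (cwd, ext) => makeLink(cwd, ext).alias;

// Cleanup that trusts its argument and removes it recursively.
const cleanupTrusting: Cleanup = (_cwd, p) =>
  fs.rmSync(p, { recursive: true, force: true });

// Hardened cleanup: only unlink a symlink located inside cwd.
const cleanupGuarded: Cleanup = (cwd, p) => {
  const rel = path.relative(cwd, p);
  if (path.isAbsolute(rel) || rel.split(path.sep)[0] === "..") return;
  if (!fs.lstatSync(p, { throwIfNoEntry: false })?.isSymbolicLink()) return;
  fs.unlinkSync(p); // removes the link only, never its target
};

// Runs one link/cleanup pair in a constructed temp tree and reports the outcome.
function run(link: Link, cleanup: Cleanup) {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), "zx-demo-"));
  const cwd = path.join(root, "project");
  const external = path.join(root, "external");
  fs.mkdirSync(cwd);
  fs.mkdirSync(path.join(external, "node_modules", "dep"), { recursive: true });
  cleanup(cwd, link(cwd, external));
  const result = {
    targetSurvives: fs.existsSync(path.join(external, "node_modules", "dep")),
    linkRemoved: !fs.lstatSync(path.join(cwd, "node_modules"), { throwIfNoEntry: false }),
  };
  fs.rmSync(root, { recursive: true, force: true });
  return result;
}
```

With the flawed return value and the trusting cleanup, the external directory is deleted and a dangling symlink is left behind. The guarded cleanup keeps the external directory intact even when it is handed the wrong path.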
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.