Marckweio

**Name of the Vulnerable Software and Affected Versions** Jerryscript version 1a2c047 **Description** A segmentation violation was discovered in Jerryscript via the component `ecma find named property` at `/base/ecma-helpers.c`. **Recommendations** For Jerryscript version 1a2c047, consider avoiding the use of the `ecma find named property` component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jerryscript version 1a2c047 **Description** A stack overflow issue was discovered in the ecma op function construct component at /operations/ecma-function-object.c. This issue affects the functionality of the software, potentially leading to a stack overflow. **Recommendations** For Jerryscript version 1a2c047, consider restricting access to the ecma op function construct component until a patch is available. As a temporary workaround, avoid using the affected functionality in /operations/ecma-function-object.c to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jerryscript versions prior to commit e1ce7dd7271288be8c0c8136eea9107df73a8ce2 **Description** The issue is caused by an unbounded recursive call to the `new opt()` function, leading to a stack overflow. This occurs in Jerryscript before the specified commit on October 20, 2021. **Recommendations** For versions prior to commit e1ce7dd7271288be8c0c8136eea9107df73a8ce2, consider updating to a version that includes the fix for this issue. As a temporary workaround, consider disabling the `new opt()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Flamingo (aka FlamingoIM) through 2020-09-29 **Description** The issue is related to a SQL injection vulnerability in the `UserManager::addUser` function. This allows for potential exploitation by injecting malicious SQL code. **Recommendations** For Flamingo (aka FlamingoIM) through 2020-09-29, consider restricting access to the `UserManager::addUser` function until a fix is available. As a temporary workaround, avoid using the `addUser` functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Flamingo (aka FlamingoIM) through 2020-09-29 **Description** The issue is related to a SQL injection vulnerability in the `UserManager::updateUserTeamInfoInDbAndMemory` function. **Recommendations** For Flamingo (aka FlamingoIM) through 2020-09-29, consider restricting access to the `UserManager::updateUserTeamInfoInDbAndMemory` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Flamingo (aka FlamingoIM) through 2020-09-29 **Description** The issue allows for ../ directory traversal. This is possible because the only unpredictable part of a file-transfer request, an MD5 computation, occurs on the client side. Since the product's source code is available, the computation details can be easily determined, enabling the traversal. **Recommendations** For Flamingo (aka FlamingoIM) through 2020-09-29, consider restricting file-transfer requests until a patch is available. As a temporary workaround, avoid using the MD5 computation for file-transfer requests. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Flamingo (aka FlamingoIM) through 2020-09-29 **Description** The issue is related to a SQL injection vulnerability in the `UserManager::updateUserInfoInDb` function. This allows for potential exploitation by injecting malicious SQL code. **Recommendations** For Flamingo (aka FlamingoIM) through 2020-09-29, consider restricting access to the `updateUserInfoInDb` function in the `UserManager` until a fix is available. As a temporary workaround, avoid using the `UserManager::updateUserInfoInDb` function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Flamingo (aka FlamingoIM) through 2020-09-29 **Description** The issue is related to a SQL injection vulnerability in the `UserManager::addGroup` function. **Recommendations** For Flamingo (aka FlamingoIM) through 2020-09-29, consider disabling the `UserManager::addGroup` function until a patch is available. Restrict access to the `UserManager` module to minimize the risk of exploitation.