Yeting Li

**Name of the Vulnerable Software and Affected Versions** Video List Manager WordPress plugin versions 1.7 and earlier **Description** The issue is related to a SQL injection that occurs due to improper sanitization and escaping of a parameter before it is used in a SQL statement. This can be exploited by high-privilege users, such as administrators. **Recommendations** For Video List Manager WordPress plugin versions 1.7 and earlier, update to a version that properly sanitizes and escapes parameters used in SQL statements to prevent SQL injection.

**Name of the Vulnerable Software and Affected Versions** Multi Step Form WordPress plugin versions prior to 1.7.8 **Description** The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, in a multisite setup. This is due to the plugin not sanitizing and escaping some of its form fields. **Recommendations** For versions prior to 1.7.8, update to version 1.7.8 or later to resolve the issue. As a temporary workaround, consider restricting the use of the plugin's form fields to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WP Social Sharing WordPress plugin versions through 2.2 **Description** The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because some settings are not properly sanitised and escaped, and the attack can occur even when the unfiltered html capability is disallowed, for example in a multisite setup. **Recommendations** For WP Social Sharing WordPress plugin versions through 2.2, update to a version that properly sanitises and escapes its settings to prevent Stored Cross-Site Scripting attacks.

**Name of the Vulnerable Software and Affected Versions** Simple Basic Contact Form WordPress plugin versions prior to 20221201 **Description** The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, in a multisite setup. This is due to the plugin not sanitizing and escaping some of its settings. **Recommendations** For versions prior to 20221201, update to version 20221201 or later to resolve the issue. As a temporary workaround, consider restricting the ability of high privilege users to modify plugin settings until the update is applied.

**Name of the Vulnerable Software and Affected Versions** The Sliderby10Web WordPress plugin versions prior to 1.2.53 **Description** The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example in multisite setups. This is due to the plugin not sanitizing and escaping some of its settings. **Recommendations** For versions prior to 1.2.53, update to version 1.2.53 or later to resolve the issue. As a temporary workaround, consider restricting the use of the plugin's settings to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: http-server-node versions all Description: The issue concerns a Directory Traversal vulnerability via the use of the `--path-as-is` option. This allows for unauthorized access to files and directories outside the intended directory structure. Recommendations: For all versions, consider disabling the use of the `--path-as-is` option as a temporary workaround until a patch is available. Restrict access to sensitive files and directories to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** sey versions all **Description** The issue concerns Prototype Pollution via the `deepmerge()` function. This affects all versions of the package, allowing for potential manipulation of the prototype chain. **Recommendations** For all versions, consider disabling the `deepmerge()` function as a temporary workaround until a patch is available. Restrict access to the `deepmerge()` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** comb (affected versions not specified) **Description** The issue concerns Prototype Pollution via the `deepMerge()` function. This affects all versions of the package comb. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** merge-deep2 versions all **Description** The issue concerns Prototype Pollution via the `mergeDeep()` function. This affects all versions of the merge-deep2 package. **Recommendations** For all versions, consider disabling the `mergeDeep()` function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** color-string versions 1.5.5 and below **Description** The issue is related to a Regular Expression Denial of Service (ReDOS) vulnerability in the color-string library, which can cause excessive resource consumption when processing crafted invalid HWB strings. This can lead to a denial of service. The vulnerability occurs due to exponential time complexity for linearly increasing input lengths for `hwb()` color strings, specifically in the regular expression that parses the hue value. The estimated processing time increases significantly with the length of the input string, with strings over 50,000 characters taking around 1.5 seconds to process. **Recommendations** For color-string version 1.5.5 and below, consider disabling the `hwb()` function until a patch is available to prevent potential denial of service attacks. Restrict input lengths for `hwb()` color strings to minimize the risk of exploitation. Avoid using the `hwb()` function with untrusted input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** locutus versions prior to 2.0.15 **Description** The issue concerns a Regular Expression Denial of Service (ReDoS) vulnerability via the `gopher parsedir` function. This can lead to a denial of service. **Recommendations** For versions prior to 2.0.15, update to version 2.0.15 or later to resolve the issue. As a temporary workaround, consider disabling the `gopher parsedir` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** path-parse versions all **Description** The issue is related to Regular Expression Denial of Service (ReDoS) via `splitDeviceRe`, `splitTailRe`, and `splitPathRe` regular expressions. ReDoS exhibits polynomial worst-case time complexity. **Recommendations** For all versions, consider disabling the use of `splitDeviceRe`, `splitTailRe`, and `splitPathRe` regular expressions as a temporary workaround until a patch is available. Restrict the use of these regular expressions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** browserslist versions 4.0.0 through 4.16.5 **Description** The issue concerns a Regular Expression Denial of Service (ReDoS) that occurs during the parsing of queries. **Recommendations** For versions 4.0.0 through 4.16.5, update to a version after 4.16.5 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** postcss versions prior to 7.0.36 postcss versions 8.0.0 through 8.2.13 **Description** The issue is related to Regular Expression Denial of Service (ReDoS) via the `getAnnotationURL()` and `loadAnnotation()` functions in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `/*s* sourceMappingURL=(.*)`. This can lead to a denial of service when parsing specific CSS strings. **Recommendations** For postcss versions prior to 7.0.36, update to version 7.0.36 or later. For postcss versions 8.0.0 through 8.2.13, update to version 8.2.13 or later. As a temporary workaround, consider disabling the `getAnnotationURL()` and `loadAnnotation()` functions in `lib/previous-map.js` until a patch is available. Restrict access to the `lib/previous-map.js` module to minimize the risk of exploitation. Avoid using the `sourceMappingURL` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** postcss versions 7.0.0 through 8.2.10 **Description** The issue is related to a Regular Expression Denial of Service (ReDoS) during source map parsing, which can lead to uncontrolled resource consumption. This could allow a remote attacker to cause a denial of service. **Recommendations** For postcss versions 7.0.0 through 8.2.10, update to version 8.2.10 or later to resolve the issue. As a temporary workaround, consider restricting the use of source map parsing until a patch is available.

**Name of the Vulnerable Software and Affected Versions** CKEditor 5 versions <= 26.0.0 **Description** A regular expression denial of service (ReDoS) vulnerability has been discovered in multiple CKEditor 5 packages, including ckeditor5-engine, ckeditor5-font, ckeditor5-image, ckeditor5-list, ckeditor5-markdown-gfm, ckeditor5-media-embed, ckeditor5-paste-from-office, and ckeditor5-widget. This issue allows the abuse of particular regular expressions, causing a significant performance drop and potentially resulting in a browser tab freeze. **Recommendations** For versions <= 26.0.0, update to version 27.0.0 to resolve the issue. As a temporary workaround, consider restricting the use of the affected CKEditor 5 packages until the patch is applied.

**Name of the Vulnerable Software and Affected Versions** hosted-git-info versions prior to 3.0.8 **Description** The issue is related to a Regular Expression Denial of Service (ReDoS) in the `fromUrl` function in `index.js`. This occurs due to the `shortcutMatch` regular expression, which exhibits polynomial worst-case time complexity. The vulnerability can be exploited by a remote attacker to cause a denial of service. **Recommendations** For versions prior to 3.0.8, update to version 3.0.8 or later to resolve the issue. As a temporary workaround, consider disabling the `fromUrl` function until a patch is available. Restrict access to the `index.js` file to minimize the risk of exploitation. Avoid using the `shortcutMatch` regular expression in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** printf versions prior to 0.6.1 **Description** The issue concerns a Regular Expression Denial of Service (ReDoS) vulnerability via a regex string in lib/printf.js. The vulnerable regular expression has cubic worst-case time complexity, which can be exploited. **Recommendations** For versions prior to 0.6.1, update to version 0.6.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the vulnerable regex string in lib/printf.js until a patch is available.

**Name of the Vulnerable Software and Affected Versions** jspdf versions prior to 2.3.1 **Description** The issue allows for ReDoS via the `addImage` function. **Recommendations** For versions prior to 2.3.1, update to version 2.3.1 or later to resolve the issue. As a temporary workaround, consider disabling the `addImage` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** html-parse-stringify versions prior to 2.0.1 html-parse-stringify2 (affected versions not specified) **Description** The issue arises when certain input is sent, causing one of the regular expressions used for parsing to backtrack, which can freeze the process. **Recommendations** For html-parse-stringify versions prior to 2.0.1, update to version 2.0.1 or later to resolve the issue. For html-parse-stringify2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.