VYPR

npm package

nadesiko3

pkg:npm/nadesiko3

Vulnerabilities (3)

  • CVE-2022-42496Dec 5, 2022
    affected < 3.3.75fixed 3.3.75

    OS command injection vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier allows a remote attacker to obtain appkey of the product and execute an arbitrary OS command on the product.

  • CVE-2022-41777Dec 5, 2022
    affected < 3.3.75fixed 3.3.75

    Improper check or handling of exceptional conditions vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier allows a remote attacker to inject an invalid value to decodeURIComponent of nako3edit, which may lead the server to crash.

  • CVE-2022-41642Dec 5, 2022
    affected < 3.3.69fixed 3.3.69

    OS command injection vulnerability in Nadesiko3 (PC Version) v3.3.61 and earlier allows a remote attacker to execute an arbitrary OS command when processing compression and decompression on the product.