npm package
nadesiko3
pkg:npm/nadesiko3
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-42496 | — | < 3.3.75 | 3.3.75 | Dec 5, 2022 | OS command injection vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier allows a remote attacker to obtain appkey of the product and execute an arbitrary OS command on the product. | ||
| CVE-2022-41777 | — | < 3.3.75 | 3.3.75 | Dec 5, 2022 | Improper check or handling of exceptional conditions vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier allows a remote attacker to inject an invalid value to decodeURIComponent of nako3edit, which may lead the server to crash. | ||
| CVE-2022-41642 | — | < 3.3.69 | 3.3.69 | Dec 5, 2022 | OS command injection vulnerability in Nadesiko3 (PC Version) v3.3.61 and earlier allows a remote attacker to execute an arbitrary OS command when processing compression and decompression on the product. |
- CVE-2022-42496Dec 5, 2022affected < 3.3.75fixed 3.3.75
OS command injection vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier allows a remote attacker to obtain appkey of the product and execute an arbitrary OS command on the product.
- CVE-2022-41777Dec 5, 2022affected < 3.3.75fixed 3.3.75
Improper check or handling of exceptional conditions vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier allows a remote attacker to inject an invalid value to decodeURIComponent of nako3edit, which may lead the server to crash.
- CVE-2022-41642Dec 5, 2022affected < 3.3.69fixed 3.3.69
OS command injection vulnerability in Nadesiko3 (PC Version) v3.3.61 and earlier allows a remote attacker to execute an arbitrary OS command when processing compression and decompression on the product.